CVE-2012-6625

ForumPress < 1.7.4 - SQL Injection via groupid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6625. PoCs published by Miroslav Stampar.

AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in WordPress WP Forum Server plugin <= 1.7. The PoC uses a time-based blind SQL injection technique via the 'edit_post_id' parameter to execute arbitrary SQL queries.

Description

SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the groupid parameter in an editgroup action.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Miroslav Stampar · text · webapps · php
https://www.exploit-db.com/exploits/17828


Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: WordPress WP Forum Server plugin <= 1.7
No auth needed
Prerequisites: Target must have the vulnerable plugin installed and accessible
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Patch, Vendor Advisory x_refsource_confirm
http://wordpress.org/extend/plugins/forum-server/changelog/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53530

Scores

EPSS 0.0476
EPSS Percentile 90.7%

Details

CWE: CWE-89
Status: published
Products (22)
vasthtml/forumpress 1.0
vasthtml/forumpress 1.1
vasthtml/forumpress 1.2
vasthtml/forumpress 1.3
vasthtml/forumpress 1.4
vasthtml/forumpress 1.5
vasthtml/forumpress 1.5.1
vasthtml/forumpress 1.5.2
vasthtml/forumpress 1.6
vasthtml/forumpress 1.6.2
... and 12 more
Published Jan 16, 2014
Tracked Since Feb 18, 2026