CVE-2025-11452SQL Injection in Forum

CWE-89SQL Injection3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 75.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Asgaros Forum
Timeline
PublishedNov 8

Description

The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection via the '$_COOKIE['asgarosforum_unread_exclude']' cookie in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

CVEListV5asgaros/asgaros_forum3.1.0

🔴Vulnerability Details

2
GHSA
GHSA-m598-vr3f-944r: The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection via the '$_COOKIE['asgarosforum_unread_exclude']' cookie in all versions up to,2025-11-08
CVEList
Asgaros Forum <= 3.1.0 - Unauthenticated SQL Injection2025-11-08
CVE-2025-11452 — SQL Injection in Asgaros Forum | cvebase