cbcvebase.
CVE-2025-4203
published 2025-10-25

CVE-2025-4203: The wpForo Forum plugin for WordPress is vulnerable to error‐based or time-based SQL Injection via the get_members() function in all versions up to, and…

PriorityP350high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.34%
25.5th percentile
The wpForo Forum plugin for WordPress is vulnerable to error‐based or time-based SQL Injection via the get_members() function in all versions up to, and including, 2.4.8 due to missing integer validation on the 'offset' and 'row_count' parameters. The function blindly interpolates 'row_count' into a 'LIMIT offset,row_count' clause using esc_sql() rather than enforcing numeric values. MySQL 5.x’s grammar allows a 'PROCEDURE ANALYSE' clause immediately after a LIMIT clause. Unauthenticated attackers controlling 'row_count' can append a stored‐procedure call, enabling error‐based or time‐based blind SQL injection that can be used to extract sensitive information from the database.

Affected

4 ranges
VendorProductVersion rangeFixed in
msrccbl_mariner_1.0_arm
msrccbl_mariner_1.0_x64
msrccm1_kernel_5.10.111.1-1_on_cbl_mariner_1.0
tomdeverwpforo_forum<= 2.4.8

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vendor_msrc6.8MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.