Unrated severityNVD Advisory· Published Feb 21, 2011· Updated Apr 29, 2026
CVE-2011-1047
CVE-2011-1047
Description
Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php.
Affected products
2cpe:2.3:a:vasthtml:forum_server:1.6.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:vasthtml:forum_server:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:vasthtml:forum_server:1.6.5:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- securityreason.com/securityalert/8099nvdExploit
- www.securityfocus.com/bid/46362nvdExploit
- secunia.com/advisories/43306nvdVendor Advisory
- osvdb.org/70993nvd
- osvdb.org/70994nvd
- www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin.htmlnvd
- www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin_1.htmlnvd
- www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin_2.htmlnvd
- www.securityfocus.com/archive/1/516400/100/0/threadednvd
- www.securityfocus.com/archive/1/516402/100/0/threadednvd
News mentions
0No linked articles in our index yet.