Plugin Vulnerability Hub
Plugin | 7 known issues | Latest disclosed Aug 01, 2014

Mingle Forum Vulnerabilities

Review known vulnerability records for the WordPress plugin Mingle Forum (`mingle-forum`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2012-5328 and CVE-2012-5327, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 7
High or Critical: 6
Patch Coverage: 100%
Last Updated: Jan 22, 2024

Priority CVE Quick Links

Fast paths into Mingle Forum CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs: 5

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Mingle Forum so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 7 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 1 critical and 5 high severity findings.
Recent CVEs: CVE-2012-5328 and CVE-2012-5327
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Known Vulnerabilities

Reports for Mingle Forum

Sorted by latest disclosure date so newly published issues surface first.

Plugin | High | Patched: Yes | CVE-2012-5328
CVE-2012-5328: Mingle Forum <= 1.0.32.1 - SQL Injection

Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id par...

Published: Aug 01, 2014
Patched Release: 1.0.33
Affected Versions: Versions before 1.0.33
Next Step: Update to 1.0.33 or newer if supported.

Plugin | High | Patched: Yes
Mingle Forum < 1.0.34 - Unauthenticated SQL Injection

The Mingle Forum plugin for WordPress is vulnerable to generic SQL Injection in versions up to 1.0.34 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...

Published: Aug 01, 2014
Patched Release: 1.0.34
Affected Versions: Versions before 1.0.34
Next Step: Update to 1.0.34 or newer if supported.

Plugin | High | Patched: Yes | CVE-2012-5327
CVE-2012-5327: Mingle Forum <= 1.0.32.1 - SQL Injection

Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups actio...

Published: Aug 01, 2014
Patched Release: 1.0.33
Affected Versions: Versions up to 1.0.32.1
Next Step: Update to 1.0.33 or newer if supported.

Plugin | Critical | Patched: Yes | CVE-2013-0735
CVE-2013-0735: Mingle Forum <= 1.0.33.3 - SQL Injection

Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in...

Published: Feb 20, 2013
Patched Release: 1.0.34
Affected Versions: Versions up to 1.0.33.3
Next Step: Update to 1.0.34 or newer if supported.

Plugin | High | Patched: Yes | CVE-2013-0734
CVE-2013-0734: Mingle Forum <= 1.0.33.3 - Stored Cross-Site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_...

Published: Feb 20, 2013
Patched Release: 1.0.34
Affected Versions: Versions up to 1.0.33.3
Next Step: Update to 1.0.34 or newer if supported.

Plugin | High | Patched: Yes | CVE-2013-0736
CVE-2013-0736: Mingle Forum <= 1.0.34 - Cross-Site Request Forgery

Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (...

Published: Jan 02, 2013
Patched Release: 1.0.35
Affected Versions: Versions up to 1.0.34
Next Step: Update to 1.0.35 or newer if supported.

Plugin | Medium | Patched: Yes
Mingle Forum <= 1.0.33 - Cross-Site Scripting

The Mingle Forum plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions up to, and including, 1.0.33 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execut...

Published: May 15, 2012
Patched Release: 1.0.33.2
Affected Versions: Versions up to 1.0.33
Next Step: Update to 1.0.33.2 or newer if supported.