# Exploit Title: WordPress Mingle Forum plugin <= 1.0.32.1 Multiple Vulnerabilities
# Date: 2012/01/18
# Author: Gianluca Brindisi (g@brindi.si @gbrindisi http://brindi.si/g/)
# Software Link: http://downloads.wordpress.org/plugin/mingle-forum.1.0.32.1.zip
# Version: 1.0.32.1

You need an authenticated session to exploit the following vulnerabilities.

1) SQL Injection:

POST: admin.php?page=mfgroups&mingleforum_Action=usergroups
delete_usergroups: Delete
dele_usrgrp%5B%5D: 1 [SQLI]

Vulnerable c...
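
Added example, not the plugin's code and not from the advisory author: one way to handle an array parameter of ids such as dele_usrgrp[] so that each element is validated as an integer and bound to the DELETE statement instead of being concatenated into it. The function name, the usergroups table and the sample rows are hypothetical, and PDO with in-memory SQLite stands in for the WordPress database layer so the script runs on its own.

```php
<?php
// Hypothetical handler for a list of usergroup ids taken from a POST array.
function delete_usergroups(PDO $db, $raw_ids): int
{
    if (!is_array($raw_ids) || $raw_ids === []) {
        return 0; // nothing selected, or the parameter was not an array
    }
    $ids = [];
    foreach ($raw_ids as $raw) {
        // Accept only positive decimal integers; nested arrays and any
        // string with trailing text fail validation.
        $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            throw new InvalidArgumentException('non-numeric usergroup id rejected');
        }
        $ids[] = $id;
    }
    // One placeholder per id: the values travel as bound integers and
    // never become part of the SQL text.
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("DELETE FROM usergroups WHERE id IN ($marks)");
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed sample data (assumption, not the plugin's schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usergroups (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO usergroups (name) VALUES ('mods'), ('staff'), ('guests')");

// A well-formed request deletes exactly the selected group.
echo 'deleted: ', delete_usergroups($db, ['1']), "\n";

// A constructed non-numeric element is refused before any SQL is built.
try {
    delete_usergroups($db, ['2 junk']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
echo 'remaining: ', $db->query('SELECT COUNT(*) FROM usergroups')->fetchColumn(), "\n";
```

Inside WordPress the same pattern is absint() on each element plus $wpdb->prepare() with %d placeholders, preceded by a nonce check (check_admin_referer()) and a current_user_can() capability check on the admin action.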