CVE-2018-11515by Jeremyin Security Bulletinson Posted on May 28, 2018 The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter.