WP Forum Server for WordPress Multiple SQL Injection Vulnerabilities

WP Forum Server is a forum plugin for WordPress. The application is exposed to an SQL injection issue because it fails to properly sanitize input in the "id" parameter of the "wp-content/plugins/forum-server/wpf-post.php" script and the "search_max" parameter of the "index.php" script. WP Forum Server version 1.6.5 is affected.Ref: http://www.htbridge.ch/advisory/