[tmanhphuc]

Hi,
My website was hacked, i used wpscan (http://wpscan.org/) scan vulnerabilities

[+] Name: bbpress – v2.5.4

[!] Title: BBPress – Multiple Script Malformed Input Path Disclosure
Reference: http://xforce.iss.net/xforce/xfdb/78244
Reference: http://packetstormsecurity.com/files/116123/
Reference: http://osvdb.org/86399
Reference: http://www.exploit-db.com/exploits/22396/

[!] Title: BBPress – forum.php page Parameter SQL Injection
Reference: http://xforce.iss.net/xforce/xfdb/78244
Reference: http://packetstormsecurity.com/files/116123/
Reference: http://osvdb.org/86400
Reference: http://www.exploit-db.com/exploits/22396/

How to fix it ?

Thanks

[Robin W]

You need to start working your way through these resources:
https://codex.wordpress.org/FAQ_My_site_was_hacked
https://wordpress.org/support/topic/268083#post-1065779

How To Completely Clean Your Hacked WordPress Installation

http://ottopress.com/2009/hacked-wordpress-backdoors/

Anything less will probably result in the hacker walking straight back into your site again.

Additional Resources:
Hardening WordPress
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

[Stephen Edgar]

@tmanhphuc None of the issues you link to relate to the bbPress v2.x plugin, these are all old vulnerabilities for the bbPress v1.x standalone version of bbPress, these have all been patched in the bbPress v1.2 branch.

[Stephen Edgar]

Further to the above, it looks like wpscan pings some databases and looks for exploits in anything named ‘bbPress’ and in our case, it’s finding those false positives which only relate to the old bbPress 1.x ‘standalone’ version of bbPress.

[John James Jacoby]

Echoing what Stephen said above, these issues are not actual issues (with bbPress 1.x or 2.x) and in are in no way responsible for anything that could have happened to your site.

When something is not installed incorrectly, of course it isn’t going to work correctly. These issues are akin to installing your TV with the screen facing the wall, and complaining that you can’t see it from the couch. 🙂

If it so happens any security issues are found in any version of bbPress, please do not publicly report them in these forums. Instead, responsibly disclose us:

https://codex.wordpress.org/FAQ_Security

We try to be really good about fixing any security issues ASAP.