CVE-2012-2109
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.
Date published : 2012-09-04
http://seclists.org/bugtraq/2012/Apr/4