SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the groupid parameter in an editgroup action.
https://plugins.trac.wordpress.org/changeset/532918
http://www.securityfocus.com/bid/53530