WordPress.org

Plugin Directory

Opened 3 years ago

#1588 new defect

Sql injection vulnerability

Reported by: marcelinha26
Owned by: vinoj.cardoza
Priority: high
Severity: major
Plugin: not-listed
Keywords: sql injection, ajax search box
Cc:

Description

This plugin suffers from an SQL injection in the srch_txt text field because it is not well sanitized. It only uses the stripslashes function, which does not prevent the SQL injection at all.

Attachments (1)

pluginticket.jpeg (26.2 KB) - added by marcelinha26 3 years ago.
In my example the only post published was: eucalyptus. The others were not published, they were in the draft folder


Change History (1)

@marcelinha26 3 years ago

In my example the only post published was: eucalyptus. The others were not published, they were in the draft folder
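
The ticket does not include the plugin's query, so the following is an added example, not the plugin's code and not part of the report: a search built by string concatenation after stripslashes(), beside the same search with a bound parameter. The posts table, its rows other than the title eucalyptus, and the function names are constructed for illustration; it assumes PHP with the pdo_sqlite extension.

```php
<?php
// Constructed data: one published post and two drafts in an in-memory SQLite table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE posts (post_title TEXT, post_status TEXT)");
$db->exec("INSERT INTO posts VALUES
    ('eucalyptus', 'publish'), ('acacia', 'draft'), ('banksia', 'draft')");

// Before: stripslashes() only removes backslashes. A quote in the input still
// closes the string literal, so the rest of the input is parsed as SQL.
function search_unsafe(PDO $db, string $srch_txt): array
{
    $term = stripslashes($srch_txt);
    $sql  = "SELECT post_title FROM posts
             WHERE post_status = 'publish' AND post_title LIKE '%" . $term . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the term travels as a bound parameter and is never parsed as SQL.
// LIKE wildcards in the term are escaped so they match literally.
function search_safe(PDO $db, string $srch_txt): array
{
    $like = '%' . addcslashes($srch_txt, '_%\\') . '%';
    $stmt = $db->prepare(
        "SELECT post_title FROM posts
         WHERE post_status = 'publish' AND post_title LIKE :term ESCAPE '\\'"
    );
    $stmt->execute([':term' => $like]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed search term containing a quote, run through both paths.
$input = "%' OR 'a' LIKE 'a";

echo "unsafe: ", implode(', ', search_unsafe($db, $input)), PHP_EOL;
echo "safe:   ", implode(', ', search_safe($db, $input)), PHP_EOL;
echo "safe:   ", implode(', ', search_safe($db, 'euca')), PHP_EOL;
```

Inside WordPress the same fix is written with `$wpdb->prepare()` and a `%s` placeholder, with `$wpdb->esc_like()` applied to the search term first.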
