SQL injection vulnerability? | WordPress.org

Resolved Dangthrimble
(@dangthrimble)

11 years, 5 months ago

I am in the process of creating a WordPress web site including using Leaflet Maps Marker which I really like. However, according to http://thesoulofdesign.com/2012/10/leaflet-maps-marker-sqli-vulnerable-wp-plugin.html, Leaflet Maps Marker is vulnerable to SQL injection. Can you advise whether this is a true vulnerability that I need to be concerned about? Thanks.

http://wordpress.org/extend/plugins/leaflet-maps-marker/

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Author Robert Seyfriedsberger
(@harmr)

11 years, 5 months ago

Hi,
v2.2 of the plugin was audited by a security company and several issues were found which were all solves with v2.3. So this security warning is no longer valid and Maps Marker thus safe to use 🙂
regards,
Robert

PS: as I give support for free, I’d really appreciate a vote for my plugin on http://wordpress.org/extend/plugins/leaflet-maps-marker 😉

Plugin Author Robert Seyfriedsberger
(@harmr)

11 years, 5 months ago

Hi again,
checked the info page again – I am not sure to what the author is referring (the old security report or a new one). According to his description I dont see how my plugin should be used for this kind of attack – I will contact him for details on how to reproduce this (my guess is still that he references the old security issues which already have been fixed…)

Plugin Author Robert Seyfriedsberger
(@harmr)

11 years, 5 months ago

Hi,
the author just updated the info on his website – as guessed he was referring to security issues which were found in v2.2 and fixed with v2.3.
regards,
Robert

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘SQL injection vulnerability?’ is closed to new replies.

Tags

sql

In: Plugins
3 replies
2 participants
Last reply from: Robert Seyfriedsberger
Last activity: 11 years, 5 months ago
Status: resolved