WordPress.org

Ready to get started?Download WordPress

Forums

Simple Login Log
Security issues in wpsecure.net (3 posts)

  1. riderkick
    Member
    Posted 1 year ago #

    Hi Max.

    I'm using your great plugin. Thank you for sharing.
    I've found this page in wpsecure.net about vulnerabilities in your plugin.
    Is this bugs are fixed in 0.9.4 version ?

    Thanks in advance and sorry for my poor english

    http://wordpress.org/extend/plugins/simple-login-log/

  2. Oski1983
    Member
    Posted 1 year ago #

    I have deactivated this plugin. I seek in the script for realescape sql-Code in User-Agent and found nothing. Pleas fix that security issue. The hacker can modify his header and sent a SQL-Injection as Useragent. This SQL execute unproofe to the SQL-Database. I can´t find that "$wpdb->insert" automaticaly realescaped the String. I´m sorry for my bad english.

  3. Oski1983
    Member
    Posted 1 year ago #

    Please use $wpdb->_escape($value) before $wpdb->insert( $this->table, $values, $format )

    I hope there is no misstake in my post.

    Greeze from Germany

    Oski

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.