Dangthrimble
Member
Posted 6 months ago
I am in the process of creating a WordPress web site including using Leaflet Maps Marker which I really like. However, according to http://thesoulofdesign.com/2012/10/leaflet-maps-marker-sqli-vulnerable-wp-plugin.html, Leaflet Maps Marker is vulnerable to SQL injection. Can you advise whether this is a true vulnerability that I need to be concerned about? Thanks.
http://wordpress.org/extend/plugins/leaflet-maps-marker/
Hi,
v2.2 of the plugin was audited by a security company and several issues were found which were all solved with v2.3. So this security warning is no longer valid and Maps Marker is thus safe to use :-)
regards,
Robert
PS: as I give support for free, I'd really appreciate a vote for my plugin on http://wordpress.org/extend/plugins/leaflet-maps-marker ;-)
Hi again,
checked the info page again - I am not sure to what the author is referring (the old security report or a new one). According to his description I don't see how my plugin should be used for this kind of attack - I will contact him for details on how to reproduce this (my guess is still that he references the old security issues which already have been fixed...)
Hi,
the author just updated the info on his website - as guessed he was referring to security issues which were found in v2.2 and fixed with v2.3.
regards,
Robert