Title: 2.9.2 SQL Injection? Last modified: August 19, 2016 --- # 2.9.2 SQL Injection? * [kulmu](https://wordpress.org/support/users/kulmu/) * (@kulmu) * [16 years, 2 months ago](https://wordpress.org/support/topic/292-sql-injection/) * I am having problems across several sites with what appears to be an SQL injection attack that is modifying the Admin email to [xpxd1@hotmail.com](https://wordpress.org/support/topic/292-sql-injection/xpxd1@hotmail.com?output_format=md) and also changing the password. It also is replacing the theme files to reflect the hack. * Several of the blogs affected contain no Plugins aside from Block Bad Queries( BBQ) which was installed after the first blog was affected. * Anyone aware of this issue? Viewing 3 replies - 1 through 3 (of 3 total) * Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/) * (@jdembowski) * Forum Moderator and Brute Squad * [16 years, 2 months ago](https://wordpress.org/support/topic/292-sql-injection/#post-1458036) * Sounds familiar. * [http://wordpress.org/support/topic/385477?replies=21](http://wordpress.org/support/topic/385477?replies=21) * This reply is your best bet for a solution. * [http://wordpress.org/support/topic/385477?replies=21#post-1469684](http://wordpress.org/support/topic/385477?replies=21#post-1469684) * Thread Starter [kulmu](https://wordpress.org/support/users/kulmu/) * (@kulmu) * [16 years, 2 months ago](https://wordpress.org/support/topic/292-sql-injection/#post-1458037) * I looked at that, but my wp_options is not being modified as part of the process. * I have tried to delete and reinstall WordPress twice now and it is still being affected. * Thread Starter [kulmu](https://wordpress.org/support/users/kulmu/) * (@kulmu) * [16 years, 2 months ago](https://wordpress.org/support/topic/292-sql-injection/#post-1458070) * ***.**.**.*** – – [08/Apr/2010:11:32:39 -0500] “GET /wp-admin/theme-editor.php HTTP/1.1” 200 32691 “[http://www.SITEURL.com/wp-admin/themes.php”](http://www.SITEURL.com/wp-admin/themes.php”);“ Mozilla/5.0 (Windows; U; Windows NT 5.1; ar; rv:1.9.1.9) Gecko/20100315 Firefox/ 3.5.9” * This is what I have traced it to. Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘2.9.2 SQL Injection?’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 3 replies * 2 participants * Last reply from: [kulmu](https://wordpress.org/support/users/kulmu/) * Last activity: [16 years, 2 months ago](https://wordpress.org/support/topic/292-sql-injection/#post-1458070) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics