WordPress.org

Forums

WordPress Facebook
It took 20 sec to hack it (5 posts)

  1. lintaba
    Member
    Posted 9 months ago #

    if(isset($_POST['search_events_by_title'])){
        $search_tag=$_POST['search_events_by_title'];
    }
    ...
    if ( $search_tag ) {
        $where= ' WHERE title LIKE "%'.$search_tag.'%"';
    }
    ...
    $query = "SELECT * FROM ".$wpdb->prefix."spiderfacebook_params".$where." ". $order." "." LIMIT ".$limit.",20";

    looks l

  2. webdorado
    Member
    Plugin Author

    Posted 9 months ago #

    Dear lintaba,

    We have fixed the vulnerability, please update the plugin.

  3. lintaba
    Member
    Posted 9 months ago #

    Dear webdorado,

    It's a good thing to hear that you've fixed it in a short time. But the plugin would really require a higher-level review, since the latest version still contains other vulns.

    While it hasn't been completely reviewed, I would not recommend this plugin for any WordPress site.

    Currently these 72k+ sites where your plugin is installed might be in real danger.

  4. say_hello
    Member
    Posted 3 months ago #

    Arghh - plz help to fix this hole. We need your help to fix this alert.
    Plz get into contact with the developers at webdorado.

    I have just installed the plugin - and I am amazed about the features.
    The features are great - and I think that this plugin is much better than the competitors.

    Love to hear from you, lintaba.

  5. webdorado
    Member
    Plugin Author

    Posted 3 months ago #

    Dear say_hello,

    The vulnerability issue is currently resolved. You can safely use the plugin. Thank you.
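
An added example, not code from the plugin or from any poster: the concatenated `LIKE` query from the first post beside a parameterised form. PDO with in-memory SQLite stands in for `$wpdb` (single-quoted literals replace the post's double quotes), the rows are constructed and the function names are hypothetical; in WordPress the same fix is `$wpdb->prepare()` with `%s`/`%d` placeholders plus `$wpdb->esc_like()`.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for WordPress's $wpdb.
// The rows below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE wp_spiderfacebook_params (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO wp_spiderfacebook_params (title)
           VALUES ('Like box'), ('Share button'), ('100% widget')");

// Pattern from the first post: request data becomes part of the SQL text.
// (hypothetical function name)
function search_concat(PDO $db, string $search_tag, $limit): array {
    $where = $search_tag !== '' ? " WHERE title LIKE '%" . $search_tag . "%'" : '';
    $query = "SELECT * FROM wp_spiderfacebook_params" . $where . " LIMIT " . $limit . ",20";
    return $db->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the search term and offset travel only as bound parameters.
// (hypothetical function name)
function search_bound(PDO $db, string $search_tag, $limit): array {
    // Escape LIKE wildcards so % and _ typed by the user match literally.
    $like = '%' . addcslashes($search_tag, '_%\\') . '%';
    $stmt = $db->prepare(
        "SELECT * FROM wp_spiderfacebook_params
         WHERE title LIKE :term ESCAPE '\\' LIMIT :off, 20"
    );
    $stmt->bindValue(':term', $like, PDO::PARAM_STR);
    $stmt->bindValue(':off', max(0, (int) $limit), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
// An ORDER BY column cannot be bound; compare it against a fixed list instead.

// Constructed input containing a quote: it matches no title, so a safe
// query returns nothing, while the concatenated query changes shape.
$input = "zzz' OR title LIKE '";
printf("concatenated: %d rows\n", count(search_concat($db, $input, 0)));
printf("bound:        %d rows\n", count(search_bound($db, $input, 0)));
// A literal percent sign is searched for as text, not as a wildcard.
printf("bound '100%%': %d rows\n", count(search_bound($db, '100%', 0)));
```
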
