Support » Reviews » WordPress Facebook » it tooks 20 sec to hack it

it tooks 20 sec to hack it

  • if(isset($_POST['search_events_by_title'])){
        $search_tag=$_POST['search_events_by_title'];
    }
    ...
    if ( $search_tag ) {
        $where= ' WHERE title LIKE "%'.$search_tag.'%"';
    }
    ...
    $query = "SELECT * FROM ".$wpdb->prefix."spiderfacebook_params".$where." ". $order." "." LIMIT ".$limit.",20";

    looks l
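
A hardened form of the query pattern quoted in the review above, as an added example that is not part of the original post and not the plugin's own code. It assumes a WordPress context (`$wpdb` and the core sanitizing helpers are loaded); the function name, the `order_by` and `page` request fields and the column allowlist are hypothetical, since the page does not show where `$order` and `$limit` come from.

```php
<?php
/**
 * Added example, not the plugin's code: the title search rebuilt so that
 * request data is only ever bound as a value, never concatenated as SQL.
 * Hypothetical: function name, 'order_by' / 'page' fields, column allowlist.
 * From the page: table suffix 'spiderfacebook_params', field
 * 'search_events_by_title', page size 20.
 */
function example_search_params_by_title() {
    global $wpdb;

    // Table name is built from server-side values only.
    $table = $wpdb->prefix . 'spiderfacebook_params';

    // Identifiers cannot be bound with placeholders, so ORDER BY is
    // restricted to an allowlist instead of being escaped.
    $sortable = array( 'id', 'title' ); // hypothetical column list
    $order_by = isset( $_POST['order_by'] )
        ? sanitize_key( wp_unslash( $_POST['order_by'] ) )
        : 'id';
    if ( ! in_array( $order_by, $sortable, true ) ) {
        $order_by = 'id';
    }

    // The paging offset is forced to a non-negative integer.
    $page   = isset( $_POST['page'] ) ? absint( $_POST['page'] ) : 0;
    $offset = $page * 20;

    $sql  = "SELECT * FROM {$table}";
    $args = array();

    $search = isset( $_POST['search_events_by_title'] )
        ? sanitize_text_field( wp_unslash( $_POST['search_events_by_title'] ) )
        : '';
    if ( '' !== $search ) {
        // esc_like() escapes the LIKE wildcards % and _ in the user's text;
        // prepare() then quotes the whole value for the %s placeholder.
        $sql   .= ' WHERE title LIKE %s';
        $args[] = '%' . $wpdb->esc_like( $search ) . '%';
    }

    $sql   .= " ORDER BY {$order_by} LIMIT %d, 20";
    $args[] = $offset;

    return $wpdb->get_results( $wpdb->prepare( $sql, $args ) );
}
```

The wildcard characters are added to the bound argument rather than to the query string, so `prepare()` never sees a literal `%` that it could mistake for a placeholder.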

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author webdorado

    @webdorado

    Dear lintaba,

    We have fixed the vulnerability, please update the plugin.

    Dear webdorado,

    It’s a good thing to hear that you’ve fixed it in a short time. But the plugin would really require a higher-level review, since the latest version still contains other vulns.

    While it hasn’t been completely reviewed, I would not recommend this plugin for any WordPress site.

    Currently these 72k+ sites where your plugin is installed might be in real danger.

    Arghh – plz help to fix this hole. We need your help to fix this alert.
    Plz get into contact with the developers at webdorado.

    I have just installed the plugin – and I am amazed about the features.
    The features are great – and I think that this plugin is much better than the competitors.

    Love to hear from you, lintaba.

    Plugin Author webdorado

    @webdorado

    Dear say_hello,

    The vulnerability issue is currently resolved. You can safely use the plugin. Thank you.

  • The topic ‘it tooks 20 sec to hack it’ is closed to new replies.