Title: [Plugin: Subscribe2] SQL injection vulnerabilities
Last modified: August 20, 2016

---

# [Plugin: Subscribe2] SQL injection vulnerabilities

 *  Resolved [holizz](https://wordpress.org/support/users/holizz/)
 * (@holizz)
 * [13 years, 9 months ago](https://wordpress.org/support/topic/plugin-subscribe2-sql-injection-vulnerabilities/)
 * We found at least one error in our logs because unescaped data was being inserted
   into an SQL statement (we didn’t exploit it, that’s left as an exercise for the
   reader). Here’s a patch against v8.3 that should hopefully prevent SQL injection
   attacks or accidents:
 * [https://gist.github.com/2954136](https://gist.github.com/2954136)
 * I haven’t thoroughly tested it, but it’s a bit less vulnerable at least.
 * Thanks,
    Tom Adams dxw
 * [http://wordpress.org/extend/plugins/subscribe2/](http://wordpress.org/extend/plugins/subscribe2/)

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [Matt Robinson](https://wordpress.org/support/users/mattyrob/)
 * (@mattyrob)
 * [13 years, 9 months ago](https://wordpress.org/support/topic/plugin-subscribe2-sql-injection-vulnerabilities/#post-2830516)
 * Tom / holizz,
 * Thanks for taking the time to make a code submission. I’ll get patching and testing.
 *  [Matt Robinson](https://wordpress.org/support/users/mattyrob/)
 * (@mattyrob)
 * [13 years, 9 months ago](https://wordpress.org/support/topic/plugin-subscribe2-sql-injection-vulnerabilities/#post-2830720)
 * [@tom](https://wordpress.org/support/users/tom/) / holizz,
 * I’ve added some comments to the github code – I’m testing the changes now but
   some of the patched code doesn’t fly in PHP 5.2.x so it needed amending. If you
   get chance have a look and see if you think the changes are okay.
