User Self Delete
SQL Injection Vulnerability (1 post)

  1. Vladimir Kolesnikov
    Posted 5 years ago #

    if ($_POST['delete_me'] == "yes") {
          mysql_query("DELETE FROM wp_users WHERE id='".$_POST['user_ID']."'");
          echo '<script type="text/javascript">window.location = "'.get_option('siteurl') . '/wp-login.php"</script>';

    This is stupid as $_POST['user_ID'] is never sanitized and if I pass 1 OR 1 as the ID, the plugin will happily delete ALL users from the database. Is your commercial version that buggy, too?

    The next issue is that the plugin does not use WP API to delete the user — yes, it removes the entry from wp_users table (BTW, the prefix is not guaranteed to be "wp_" and it was stupid to hardcode it) but what about wp_usermeta table? And all other related tables?

    I strongly do NOT recommend to use this plugin.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • User Self Delete
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic

  • RSS feed for this topic
  • Started 5 years ago by Vladimir Kolesnikov
  • This topic is not resolved
  • WordPress version: 3.0.4