Title: [Plugin: Z-Vote] SQL Injection Vulnerability
Last modified: August 19, 2016

---

# [Plugin: Z-Vote] SQL Injection Vulnerability

 *  [Vladimir Kolesnikov](https://wordpress.org/support/users/vladimir_kolesnikov/)
 * (@vladimir_kolesnikov)
 * [15 years, 2 months ago](https://wordpress.org/support/topic/plugin-z-vote-sql-injection-vulnerability/)
 * Advisory: [http://www.exploit-db.com/exploits/16218/](http://www.exploit-db.com/exploits/16218/)
 * [Patch](http://static.sjinks.info/wp-content/uploads/2011/02/z-vote.diff):
 *     ```
       diff -uwdBrN z-vote.orig/zvote.php z-vote/zvote.php
       --- z-vote.orig/zvote.php	2011-02-25 21:05:44.000000000 +0200
       +++ z-vote/zvote.php	2011-02-25 21:10:46.531798756 +0200
       @@ -9,6 +9,8 @@
          License: GPL
        */
   
       +	defined('ABSPATH') or die();
       +
        // --- DEFINITIONS
   
        	//define where zvote is installed on the wordpres system. In 99.9% of the case the path below is correct.
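Review bot: the new `defined('ABSPATH') or die();` line is indented with a tab while the `// --- DEFINITIONS` comment right below it sits at column zero, so drop the indent to match the file's top-level code. The guard itself is the right thing to add: it keeps zvote.php from being executed directly over the web, which is what makes the `$wpdb` and `$_SERVER['REMOTE_ADDR']` code further down reachable only through WordPress.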
       @@ -271,7 +273,7 @@
        function zVote_getEntry($postid) {
        	global $wpdb;
   
       -	$entries = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "zvotedata WHERE postid = " . $postid . ""));
       +	$entries = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "zvotedata WHERE postid = %d", $postid));
   
        	return $entries;
        }
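Review bot: the old line called `$wpdb->prepare()` with a fully concatenated string and no arguments, so it was effectively a no-op and `$postid` went into the SQL unescaped; the replacement with `%d` and `$postid` as a bound argument is the correct fix and also forces an integer cast. The table name is still concatenated, but it comes from `$wpdb->prefix`, not from the request, so that part is fine.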
       @@ -282,7 +284,7 @@
        	global $wpdb;
   
        	$votes = 0;
       -	$votes = $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM " . $wpdb->prefix . "zvotedata WHERE postid = " . $postid . ""));
       +	$votes = $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM " . $wpdb->prefix . "zvotedata WHERE postid = %d", $postid));
   
        	return $votes;
        }
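Review bot: same correct `%d` fix as in zVote_getEntry. The `$votes = 0;` on the line above is overwritten immediately by `get_var()`, which returns a string (or null); if the initialisation is meant as a fallback, cast the result with `(int)` so callers always receive an integer, otherwise the initialisation can be dropped.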
       @@ -292,7 +294,7 @@
   
        	global $wpdb;
   
       -	$votes = $wpdb->get_var($wpdb->prepare("DELETE FROM " . $wpdb->prefix . "zvotedata WHERE postid = " . $postid . ""));
       +	$votes = $wpdb->get_var($wpdb->prepare("DELETE FROM " . $wpdb->prefix . "zvotedata WHERE postid = %d", $postid));
   
        	return $votes;
        }
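Review bot: `$wpdb->get_var()` is the wrong method for a DELETE: it reads a single column from a result set, and a DELETE produces none, so `$votes` will be null rather than the number of removed rows. Use `$wpdb->query($wpdb->prepare("DELETE FROM " . $wpdb->prefix . "zvotedata WHERE postid = %d", $postid))`, which returns the affected-row count, or `$wpdb->delete($wpdb->prefix . 'zvotedata', array('postid' => $postid), array('%d'))`. The switch to a bound `%d` is correct and should stay.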
       @@ -353,7 +355,7 @@
        	global $wpdb;
   
        	//ipcheck for now, will expand to userid-check, based on the user setting in version 1.5
       -	$ipcheck = $wpdb->get_var($wpdb->prepare("SELECT id FROM " . $wpdb->prefix . "zvotedata WHERE postid = " . $postid . " AND userip = \"" . $_SERVER['REMOTE_ADDR'] . "\""));
       +	$ipcheck = $wpdb->get_var($wpdb->prepare("SELECT id FROM " . $wpdb->prefix . "zvotedata WHERE postid = %d AND userip = %s", $postid, $_SERVER['REMOTE_ADDR']));
   
        	$wpdb->insert( $wpdb->prefix . 'zvotedata', array( 'postid' => $postid, 'userip' => $_SERVER['REMOTE_ADDR'], 'userid' => 0, 'time' => time() ), array( '%d','%s', '%d', '%d' ) );
   
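Review bot: `%d` for `postid` and `%s` for `$_SERVER['REMOTE_ADDR']` are the right placeholders here, and prepare() now handles the quoting that the old code did by hand with `\"`. In the visible context, though, `$ipcheck` is computed and then the `$wpdb->insert()` on the following line runs unconditionally; if this function is meant to enforce one vote per IP, the insert needs to be guarded by `if (!$ipcheck)` the way the next function does. The format array `'%d','%s','%d','%d'` matches the column types being inserted.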
       @@ -365,7 +367,7 @@
        	global $wpdb, $wp_query, $redirect_meta_key;
   
        	//ipcheck for now, will expand to userid-check, based on the user setting in version 1.5
       -	$ipcheck = $wpdb->get_var($wpdb->prepare("SELECT id FROM " . $wpdb->prefix . "zvotedata WHERE postid = " . $postid . " AND userip = \"" . $_SERVER['REMOTE_ADDR'] . "\""));
       +	$ipcheck = $wpdb->get_var($wpdb->prepare("SELECT id FROM " . $wpdb->prefix . "zvotedata WHERE postid = %d AND userip = %d", $postid, $_SERVER['REMOTE_ADDR']));
   
        	if (!$ipcheck) {
        		//ok to vote, register vote
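Review bot: the placeholder for `userip` is `%d` here but `%s` in the otherwise identical query in the -353 hunk; `%d` casts the dotted-quad string from `$_SERVER['REMOTE_ADDR']` to an integer before binding, so the comparison against the stored `userip` string will no longer match and `if (!$ipcheck)` will always take the "ok to vote" branch. Change the line to end with `AND userip = %s", $postid, $_SERVER['REMOTE_ADDR']));`.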
       @@ -382,7 +384,7 @@
        		}
   
        		//send user to post
       -		header('Location: ' .$injectionPoint);
       +		wp_redirect($injectionPoint);
        		exit;
        	} else {
        		//user already registered, push to entry-page and inform the user.
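Review bot: `wp_redirect()` does not terminate the script, so keeping the `exit;` after it is correct. It does, however, allow an off-site Location just like the raw `header()` call it replaces; since `$injectionPoint` is assembled from `$post` (visible in the next hunk), prefer `wp_safe_redirect($injectionPoint)` unless that value is guaranteed to be a local URL, so that a manipulated post value cannot turn the vote handler into an open redirect.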
       @@ -394,7 +396,7 @@
        			$injectionPoint = $post . '?zvoters=2';
        		}
   
       -		header('Location: ' .$injectionPoint);
       +		wp_redirect($injectionPoint);
        		exit;
        	}
        	exit;
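Review bot: the `exit;` after the closing brace of the if/else is unreachable because both branches already call `exit;` right after their redirect, so it can be removed. As with the first redirect, `wp_safe_redirect($injectionPoint)` would confine the target to the site's own host; `wp_redirect()` forwards whatever `$post . '?zvoters=2'` evaluates to.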
       ```
   
 * [More details (Russian)](http://blog.sjinks.pro/security/902-sql-injection-vulnerability-z-vote/)

The topic ‘[Plugin: Z-Vote] SQL Injection Vulnerability’ is closed to new replies.


## Tags

 * [sql injection](https://wordpress.org/support/topic-tag/sql-injection/)

 * 0 replies
 * 1 participant
 * Last reply from: [Vladimir Kolesnikov](https://wordpress.org/support/users/vladimir_kolesnikov/)
 * Last activity: [15 years, 2 months ago](https://wordpress.org/support/topic/plugin-z-vote-sql-injection-vulnerability/)
 * Status: not resolved