Support » Plugin: Email Log » Possible Plugin vulnerability

  • Resolved treecutter

    (@treecutter)


    Hi Sudar

    WordPress just released 4.8.3 to plug a SQL injection vulnerability.

    Here is the blog by the security researcher who seems to have found the vulnerability :
    https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html?source=wordfence

    At the bottom of the blog a contributor has commented :

    If you want to know if any plugin or theme will may have any trouble you can use the following commands: grep -r ‘$wpdb->prepare’ . | grep ‘$_POST’ grep -r ‘$wpdb->prepare’ . | grep ‘$_GET’ grep -r ‘$wpdb->prepare’ . | grep ‘esc_sql’.

    Running the above returns the $wpdb->prepare statement in the code for your Email Log plugin

    Just thought you might want to look at this, hope it helps, many thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Sudar Muthu

    (@sudar)

    Thanks for reporting this. I am looking into it right away to see if it needs a fix.

    Plugin Author Sudar Muthu

    (@sudar)

    I have gone through the code and verified that this vulnerability doesn’t affect Email Log plugin.

    Thanks again for sharing the original article.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Possible Plugin vulnerability’ is closed to new replies.