Possible Plugin vulnerability
Hi Sudar
WordPress just released 4.8.3 to plug a SQL injection vulnerability.
Here is the blog by the security researcher who seems to have found the vulnerability:
https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html?source=wordfence
At the bottom of the blog a contributor has commented:
If you want to know if any plugin or theme may have any trouble you can use the following commands:
    grep -r '$wpdb->prepare' . | grep '$_POST'
    grep -r '$wpdb->prepare' . | grep '$_GET'
    grep -r '$wpdb->prepare' . | grep 'esc_sql'
Running the above returns the $wpdb->prepare statement in the code for your Email Log plugin.
Just thought you might want to look at this, hope it helps, many thanks.
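
An added example, not part of the original post or of the Email Log plugin's code: a Python version of the quoted check that reads each whole $wpdb->prepare(...) call, so a $_POST, $_GET or esc_sql argument on a continuation line is reported as well. The SAMPLE PHP and the scan_text name are constructed for illustration, and a hit is a lead for manual review, not proof of a vulnerability.

```python
import sys
from pathlib import Path

CALL = "$wpdb->prepare"
MARKERS = ("$_POST", "$_GET", "esc_sql")  # what the quoted greps look for

# Constructed PHP sample (not from Email Log or any real plugin).
SAMPLE = r'''<?php
$a = $wpdb->prepare( "SELECT * FROM t WHERE id = %d", $id );
$b = $wpdb->prepare(
    "SELECT * FROM t WHERE name = %s",
    $_POST['name']
);
$c = $wpdb->prepare( "SELECT * FROM t WHERE id = %d", esc_sql( $_GET['id'] ) );
'''


def scan_text(source):
    """Return [(line, [markers])] for prepare() calls worth a manual review."""
    findings, pos = [], source.find(CALL)
    while pos != -1:
        depth, quote, i = 0, None, source.find("(", pos)
        if i == -1:
            break
        while i < len(source):
            ch = source[i]
            if quote:                      # inside a PHP string literal
                if ch == "\\":
                    i += 1                 # skip the escaped character
                elif ch == quote:
                    quote = None
            elif ch in "'\"":
                quote = ch
            elif ch in "()":
                depth += 1 if ch == "(" else -1
                if depth == 0:
                    break                  # closing paren of this call
            i += 1
        call = source[pos:i + 1]
        hits = [m for m in MARKERS if m in call]
        if hits:
            findings.append((source.count("\n", 0, pos) + 1, hits))
        pos = source.find(CALL, i)
    return findings


if __name__ == "__main__":
    root = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path in sorted(root.rglob("*.php")):
        for line, hits in scan_text(path.read_text(errors="replace")):
            print(f"{path}:{line}: review prepare() with {', '.join(hits)}")
```

On the constructed sample the line-based grep pipeline would miss the call assigned to $b, because $_POST sits two lines below the prepare( line.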