Simple Login Log
Security issues in wpsecure.net (3 posts)

  1. riderkick
    Posted 2 years ago #

    Hi Max.

    I'm using your great plugin. Thank you for sharing.
    I've found this page in wpsecure.net about vulnerabilities in your plugin.
    Is this bugs are fixed in 0.9.4 version ?

    Thanks in advance and sorry for my poor english


  2. Oski1983
    Posted 2 years ago #

    I have deactivated this plugin. I seek in the script for realescape sql-Code in User-Agent and found nothing. Pleas fix that security issue. The hacker can modify his header and sent a SQL-Injection as Useragent. This SQL execute unproofe to the SQL-Database. I can´t find that "$wpdb->insert" automaticaly realescaped the String. I´m sorry for my bad english.

  3. Oski1983
    Posted 2 years ago #

    Please use $wpdb->_escape($value) before $wpdb->insert( $this->table, $values, $format )

    I hope there is no misstake in my post.

    Greeze from Germany


Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Simple Login Log
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic


No tags yet.