Security issues in wpsecure.net | WordPress.org

riderkick
(@riderkick)

13 years, 3 months ago

Hi Max.

I’m using your great plugin. Thank you for sharing.
I’ve found this page in wpsecure.net about vulnerabilities in your plugin.
Is this bugs are fixed in 0.9.4 version ?

Thanks in advance and sorry for my poor english

http://wordpress.org/extend/plugins/simple-login-log/

Viewing 2 replies - 1 through 2 (of 2 total)

Oski1983
(@oski1983)

13 years, 3 months ago

I have deactivated this plugin. I seek in the script for realescape sql-Code in User-Agent and found nothing. Pleas fix that security issue. The hacker can modify his header and sent a SQL-Injection as Useragent. This SQL execute unproofe to the SQL-Database. I can´t find that “$wpdb->insert” automaticaly realescaped the String. I´m sorry for my bad english.

Oski1983
(@oski1983)

13 years, 3 months ago

Please use $wpdb->_escape($value) before $wpdb->insert( $this->table, $values, $format )

I hope there is no misstake in my post.

Greeze from Germany

Oski

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Security issues in wpsecure.net’ is closed to new replies.

2 replies
2 participants
Last reply from: Oski1983
Last activity: 13 years, 3 months ago
Status: not resolved