Support » Plugin: Simple Login Log » Security issues in wpsecure.net

Viewing 2 replies - 1 through 2 (of 2 total)
  • I have deactivated this plugin. I seek in the script for realescape sql-Code in User-Agent and found nothing. Pleas fix that security issue. The hacker can modify his header and sent a SQL-Injection as Useragent. This SQL execute unproofe to the SQL-Database. I can´t find that “$wpdb->insert” automaticaly realescaped the String. I´m sorry for my bad english.

    Please use $wpdb->_escape($value) before $wpdb->insert( $this->table, $values, $format )

    I hope there is no misstake in my post.

    Greeze from Germany

    Oski

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Security issues in wpsecure.net’ is closed to new replies.