Title: SQL injection Last modified: August 5, 2020 --- # SQL injection * Resolved [karlfee](https://wordpress.org/support/users/karlfee/) * (@karlfee) * [5 years, 9 months ago](https://wordpress.org/support/topic/sql-injection-24/) * My webserver’s firewall gives me an error when turning on **Page scroll to id’s**“ offset” value. * The error protocol of my website says: * ``` ... [line "87"] [id "341245"] [rev "44"] [msg "Atomicorp.com WAF Rules: SQL injection attack (detectSQLi)"] [data "sos,ARGS:page_scroll_to_id_0_selector"] [severity "CRITICAL"] [tag "SQLi"] Access denied with code 403 (phase 2). detected SQLi using libinjection with fingerprint 'sos' ... ``` * Is this a serious issue with the plug-in, or am I just getting it not right? - This topic was modified 5 years, 9 months ago by [karlfee](https://wordpress.org/support/users/karlfee/). - This topic was modified 5 years, 9 months ago by [karlfee](https://wordpress.org/support/users/karlfee/). Viewing 5 replies - 1 through 5 (of 5 total) * Plugin Author [malihu](https://wordpress.org/support/users/malihu/) * (@malihu) * [5 years, 9 months ago](https://wordpress.org/support/topic/sql-injection-24/#post-13211749) * Hi, * The plugin has never been in any vulnerabilities list or has any known security issues. * I can’t really say how using its offset feature can possibly cause an issue. Does this happen when you enter a value in offset field option? * Thread Starter [karlfee](https://wordpress.org/support/users/karlfee/) * (@karlfee) * [5 years, 9 months ago](https://wordpress.org/support/topic/sql-injection-24/#post-13211779) * Thanks Malihu, * I found that actually trying to save the settings of the plugin leads to that error. Even if no value has been changed. * Plugin Author [malihu](https://wordpress.org/support/users/malihu/) * (@malihu) * [5 years, 9 months ago](https://wordpress.org/support/topic/sql-injection-24/#post-13211842) * No problem. * Try to change the “Selector(s)” option value to something like .test * Maybe this is some false positive by the firewall because the default selector value is a standard css selector. In addition, all plugin options are sanitized by WordPress functions, so I can’t really say how this would cause an SQL injection. * Thread Starter [karlfee](https://wordpress.org/support/users/karlfee/) * (@karlfee) * [5 years, 9 months ago](https://wordpress.org/support/topic/sql-injection-24/#post-13211884) * > Try to change the “Selector(s)” option value to something like .test * That was the problem. No error with ‘.test’. I’m back on the track now. * Thanks again for your help! Much appreciated. * Plugin Author [malihu](https://wordpress.org/support/users/malihu/) * (@malihu) * [5 years, 9 months ago](https://wordpress.org/support/topic/sql-injection-24/#post-13211917) * Ok. This is definitely a false positive from the firewall. Not sure if you want to change plugins selector or keep using the default one (I would keep using the default selector) but if you need more help let me know. Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘SQL injection’ is closed to new replies. * ![](https://ps.w.org/page-scroll-to-id/assets/icon-256x256.png?rev=1401043) * [Page scroll to id](https://wordpress.org/plugins/page-scroll-to-id/) * [Frequently Asked Questions](https://wordpress.org/plugins/page-scroll-to-id/#faq) * [Support Threads](https://wordpress.org/support/plugin/page-scroll-to-id/) * [Active Topics](https://wordpress.org/support/plugin/page-scroll-to-id/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/page-scroll-to-id/unresolved/) * [Reviews](https://wordpress.org/support/plugin/page-scroll-to-id/reviews/) * 5 replies * 2 participants * Last reply from: [malihu](https://wordpress.org/support/users/malihu/) * Last activity: [5 years, 9 months ago](https://wordpress.org/support/topic/sql-injection-24/#post-13211917) * Status: resolved