Title: SQL Vulnerability Fixed
Last modified: April 12, 2022

---

# SQL Vulnerability Fixed

 *  Resolved [justmejames](https://wordpress.org/support/users/justmejames/)
 * (@justmejames)
 * [4 years, 1 month ago](https://wordpress.org/support/topic/sql-vulnerability-fixed/)
 * The vulnerability that has been patched (thank you): was this accessible to logged-in
   users of a site?


 *  Plugin Author [simonpedge](https://wordpress.org/support/users/simonpedge/)
 * (@simonpedge)
 * [4 years, 1 month ago](https://wordpress.org/support/topic/sql-vulnerability-fixed/#post-15560958)
 * I applied this fix in response to an email I received from WordFence Security.
   The description they provided:
 * Description:
   The duplicating slider functionality of the plugin is vulnerable
   to SQL injection due to missing parameterization and escaping on the values supplied
   to the SQL query used for postmeta duplication. This makes it possible for authenticated
   attackers to inject additional SQL queries into custom meta that will execute
   during slider duplication. This can be exploited by an attacker to retrieve sensitive
   information from the database.
 * So I replaced the SQL query string with the WordPress ‘prepare’ statement as
   suggested to prevent the SQL injection vulnerability.
 *  Thread Starter [justmejames](https://wordpress.org/support/users/justmejames/)
 * (@justmejames)
 * [4 years, 1 month ago](https://wordpress.org/support/topic/sql-vulnerability-fixed/#post-15564775)
 * Thanks for the info Simon.
 *  Plugin Author [simonpedge](https://wordpress.org/support/users/simonpedge/)
 * (@simonpedge)
 * [4 years, 1 month ago](https://wordpress.org/support/topic/sql-vulnerability-fixed/#post-15565016)
 * No problem.
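
The class of bug described in the plugin author's reply, and the parameterized fix, as an added example that is not the plugin's code. Python's `sqlite3` stands in for WordPress's `$wpdb`, with `?` placeholders playing the role of `$wpdb->prepare()`; the table, meta keys, post ids and stored value are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for a postmeta table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE postmeta (post_id INTEGER, meta_key TEXT, meta_value TEXT)")
    db.executemany("INSERT INTO postmeta VALUES (?, ?, ?)", [
        (1, "slide_title", "Welcome"),
        # Custom meta saved earlier by an authenticated user. It was stored
        # safely; it only becomes dangerous when re-read and pasted into SQL.
        (1, "slide_note", "x'), (99, 'injected_key', 'injected"),
    ])
    return db

def source_meta(db, post_id):
    return db.execute(
        "SELECT meta_key, meta_value FROM postmeta WHERE post_id = ?", (post_id,)
    ).fetchall()

def duplicate_concat(db, src_id, new_id):
    """Pre-fix pattern: stored values become part of the SQL text."""
    for key, value in source_meta(db, src_id):
        db.execute(
            "INSERT INTO postmeta (post_id, meta_key, meta_value) "
            f"VALUES ({new_id}, '{key}', '{value}')"
        )

def duplicate_prepared(db, src_id, new_id):
    """Post-fix pattern: placeholders keep stored values as data only."""
    for key, value in source_meta(db, src_id):
        db.execute(
            "INSERT INTO postmeta (post_id, meta_key, meta_value) VALUES (?, ?, ?)",
            (new_id, key, value),
        )

def rows_for(db, post_id):
    return sorted(source_meta(db, post_id))

if __name__ == "__main__":
    for duplicate in (duplicate_concat, duplicate_prepared):
        db = make_db()
        duplicate(db, 1, 2)
        print(duplicate.__name__)
        print("  copy equals source:", rows_for(db, 2) == rows_for(db, 1))
        print("  rows under untargeted post 99:", rows_for(db, 99))
```

A duplicate that differs from its source, or rows appearing under a post id the operation never targeted, is the observable sign that stored meta was interpreted as SQL.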

 * [Slide Anything - Responsive Content / HTML Slider and Carousel](https://wordpress.org/plugins/slide-anything/)