Support » Plugin: WP Session Manager » Unprepared queries allow DB Injection Attack

  • Resolved zitrusblau

    (@zitrusblau)



    Hello,

    it’s possible for attackers to exploit unprepared queries inside the function “wp_session_cleanup” for a DB Injection attack. In detail: A manipulated session key can be used to execute arbitrary database queries.

    Please release a fixed version.

    Best.
    Stefan

Viewing 1 replies (of 1 total)
  • Plugin Author Eric Mann

    (@ericmann)

    Stefan,

    First, this is not the appropriate way to disclose a security vulnerability. My contact information is listed within the plugin and I’m easily accessible through several other forums as well. Even if not contacting me directly, you should always reach out to security@wordpress.org regarding security issues such as this.

    Second, the issue has been patched. Please update to the latest version.

  • The topic ‘Unprepared queries allow DB Injection Attack’ is closed to new replies.