Support » Plugin: WP Session Manager » Unprepared queries allow DB Injection Attack

  • Resolved zitrusblau



    It’s possible for attackers to exploit unprepared queries inside the function “wp_session_cleanup” for a DB Injection attack. In detail: A manipulated session key can be used to execute arbitrary database queries.

    Please release a fixed version.


Viewing 1 replies (of 1 total)
  • Plugin Author Eric Mann



    First, this is not the appropriate way to disclose a security vulnerability. My contact information is listed within the plugin and I’m easily accessible through several other forums as well. Even if not contacting me directly, you should always reach out to regarding security issues such as this.

    Second, the issue has been patched. Please update to the latest version.

  • The topic ‘Unprepared queries allow DB Injection Attack’ is closed to new replies.
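
The class of bug reported in this thread, shown as an added example that is not part of the thread and is not the plugin's code: a session cleanup query built by string concatenation next to the same query with the key bound as a parameter. It uses Python's sqlite3 as a stand-in for the WordPress database layer; the table layout, the key format, the function names and the sample key are all assumptions constructed for illustration.

```python
import re
import sqlite3

# Constructed input: a session key that is not a key at all.
HOSTILE_KEY = "x' OR '1'='1"
# Assumed key format (8 lowercase hex chars); the real plugin's format may differ.
SESSION_KEY_RE = re.compile(r"[a-f0-9]{8}")


def make_db():
    """Hypothetical key/value options table holding two sessions and one setting."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE options (name TEXT PRIMARY KEY, value TEXT)")
    db.executemany("INSERT INTO options VALUES (?, ?)", [
        ("session_aaaa1111", "data-a"),
        ("session_bbbb2222", "data-b"),
        ("site_url", "https://example.test"),
    ])
    return db


def cleanup_unprepared(db, session_key):
    """Unsafe pattern: the key becomes part of the SQL text itself."""
    db.execute("DELETE FROM options WHERE name = 'session_" + session_key + "'")


def cleanup_prepared(db, session_key):
    """The key is bound as data, so quotes in it cannot change the statement."""
    cur = db.execute("DELETE FROM options WHERE name = ?",
                     ("session_" + session_key,))
    return cur.rowcount


def cleanup_hardened(db, session_key):
    """Defence in depth: reject malformed keys before touching the database."""
    if not SESSION_KEY_RE.fullmatch(session_key):
        return 0
    return cleanup_prepared(db, session_key)


def remaining(db):
    """Names still present in the table, sorted."""
    return [row[0] for row in db.execute("SELECT name FROM options ORDER BY name")]
```

With the concatenated query the constructed key empties the whole table, including the unrelated `site_url` row; with the bound parameter the same key matches nothing and only a well-formed key removes its own session row.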