WordPress 3.4.1 hacked via SQL UNION injection (6 posts)

  1. jamesjacobs
    Posted 3 years ago #

    Hi there

    I wonder if anyone can help me plug a potential hole.

    One of the sites I look after was hacked yesterday. After spending a day going through everything, code, files, server logs I can now see what happened.

    This is what I believed happened looking at the server logs.

    [Details removed]
    I can post server logs if needed. [Please don't.]

    What concerns me is that this vulnerability must still exist - how can I safeguard against it?


  2. Krishna
    Volunteer Moderator
    Posted 3 years ago #

  3. esmi
    Forum Moderator
    Posted 3 years ago #

    Please contact security [at] wordpress.org with the details.

  4. The Hack Repair Guy
    Posted 3 years ago #

    WordPress 3.4.1 is an older version of WordPress?

  5. esmi
    Forum Moderator
    Posted 3 years ago #

    Correct but I'm not seeing any reference to this kind of security issue being addressed in 3.4.2 so I think it would be safest to assume that this is a potential security issue in 3.4.2 also.

  6. esmi
    Forum Moderator
    Posted 2 years ago #

    @jamesjacobs: Can you also provide a list if your current plugins and the name of your theme when you submit a report to security [at] wordpress.org?

Topic Closed

This topic has been closed to new replies.

About this Topic