• Hi!

    We have recently been receiving an increasing number of Wordfence security alerts about SQL injections in query strings starting with “polls_id=”, e.g.:

    poll_id = 7 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- Leez

    I assume the “polls_id” parameter is related to WP Polls, since this is the only poll plugin we use on the website. Are there any known incidents or vulnerabilities concerning WP Polls?

    Thanks and best regards,
    Oliver

Viewing 1 replies (of 1 total)
  • Plugin Author Lester Chan

    (@gamerz)

    Hmm, I am not aware of any. Most, if not all, of the queries go through prepared statements, so SQL injection is unlikely. Or are the alerts attempts only?
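
An added example, not part of the thread and not WP-Polls code: it runs the payload quoted in the alert against a string-concatenated query and against a parameterized one, to show why a firewall alert on this string does not by itself mean the query was altered. Python's `sqlite3` stands in for the WordPress database layer; the `polls` table, its eight columns and the function names are assumptions made for the demonstration.

```python
import sqlite3

# Payload exactly as quoted in the alert above.
PAYLOAD = "7 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- Leez"


def make_db():
    """In-memory stand-in for a poll table (hypothetical 8-column schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE polls (id INTEGER, q TEXT, c3, c4, c5, c6, c7, c8)")
    db.execute("INSERT INTO polls (id, q) VALUES (7, 'Favourite colour?')")
    return db


def lookup_concatenated(db, poll_id):
    """'Before' form: the request value becomes part of the SQL text."""
    return db.execute("SELECT * FROM polls WHERE id = " + poll_id).fetchall()


def lookup_prepared(db, poll_id):
    """Parameterized form: the value is bound as data and never parsed as SQL."""
    return db.execute("SELECT * FROM polls WHERE id = ?", (poll_id,)).fetchall()


def union_rows_appended(lookup, db):
    """True if the payload yields more rows than the plain id 7 does."""
    return len(lookup(db, PAYLOAD)) > len(lookup(db, "7"))


if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concatenated, lookup_prepared):
        rows = fn(db, PAYLOAD)
        print(f"{fn.__name__}: {len(rows)} row(s), "
              f"query altered: {union_rows_appended(fn, db)}")
```

With the bound parameter the whole payload is compared to the integer column as a single value and matches nothing, so the request triggers an alert but returns no injected row.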

  • The topic ‘Security alerts about SQL-injections after “poll_id”’ is closed to new replies.