Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Rahul Aryan

    (@nerdaryan)

    I don't think so, but if you found one, then tell me the file and line number and I will fix it.

    Thread Starter filterit

    (@filterit)

    When a web application uses user-supplied input parameters within SQL queries
    without first checking them for unexpected characters, it becomes possible for an
    attacker to manipulate the query.
    Integer-based SQL injection vulnerability in the ap_s parameter to
    /anspress/tag/<<tag name>>/

    Plugin Author Rahul Aryan

    (@nerdaryan)

    Already updated most of the code. But the new release is in alpha, so I will do a quick fix of the old version.

    Plugin Author Rahul Aryan

    (@nerdaryan)

    I switched to an older commit and searched for all ap_s parameters, and I confirm that it is sanitized using sanitize_text_field, hence there is no issue.
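
An added example, not part of the thread and not AnsPress code: it contrasts text-only cleaning followed by string concatenation with type validation plus a bound parameter, for a value used in a numeric SQL context as in the report above. The `questions` table, the sample rows and all function names are hypothetical, and `clean_text` is a simplified stand-in for a text-field sanitizer, not WordPress's `sanitize_text_field`.

```python
import re
import sqlite3


def clean_text(value: str) -> str:
    """Simplified text-field cleaner (assumption): strip tags, collapse whitespace."""
    value = re.sub(r"<[^>]*>", "", value)
    return re.sub(r"\s+", " ", value).strip()


def make_db() -> sqlite3.Connection:
    """Build an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE questions (id INTEGER PRIMARY KEY, title TEXT, tag_id INTEGER)")
    db.executemany(
        "INSERT INTO questions VALUES (?, ?, ?)",
        [(1, "Reset password", 10), (2, "Install error", 20), (3, "Theme broken", 30)],
    )
    return db


def search_concatenated(db: sqlite3.Connection, raw: str) -> list:
    """Weak form: the cleaned text is still pasted into the statement as SQL."""
    sql = "SELECT id FROM questions WHERE tag_id = " + clean_text(raw) + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]


def search_bound(db: sqlite3.Connection, raw: str) -> list:
    """Hardened form: require an integer, then pass it as a bound parameter."""
    cleaned = clean_text(raw)
    if not re.fullmatch(r"[0-9]+", cleaned):
        return []  # reject anything that is not a plain non-negative integer
    sql = "SELECT id FROM questions WHERE tag_id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (int(cleaned),))]


if __name__ == "__main__":
    db = make_db()
    for value in ("10", "<b>10</b>", "10 OR 1=1"):  # constructed inputs
        print(repr(value), search_concatenated(db, value), search_bound(db, value))
```

The third input contains no tags or control characters, so the cleaner returns it unchanged; only the integer check and the bound parameter keep it from being interpreted as part of the query.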

  • The topic ‘SQL injection’ is closed to new replies.