Vulnerability in the plugin ?

Hi,

Yesterday it seems I got hacked or the website reset by itself, very strange…I think that it’s a hack because I cannot even login to my wp admin anymore. It seems that they kind of reset the database.

I got those error in my wp-admin error_log file. It seems related to your plugin.
I was thinking might be a sql injection attack but maybe not…That’s why I am asking you here.
If this is a vulnerability of your plugin then it will help you because it is an important one as they were able to reset everything and gain control of the website.

Please find the log errors below :

[17-Feb-2020 17:36:22 UTC] PHP Warning:  mysqli_real_escape_string() expects parameter 2 to be string, object given in /home/xxxxxxxx/public_html/wp-includes/wp-db.php on line 1165
[17-Feb-2020 17:36:22 UTC] PHP Warning:  mysqli_real_escape_string() expects parameter 2 to be string, object given in /home/xxxxxxxx/public_html/wp-includes/wp-db.php on line 1165
[17-Feb-2020 17:36:22 UTC] PHP Warning:  mysqli_real_escape_string() expects parameter 2 to be string, object given in /home/xxxxxxxx/public_html/wp-includes/wp-db.php on line 1165
[17-Feb-2020 17:36:22 UTC] Erreur de la base de données WordPress Table 'xxxxxxxx.wp_wpml_mails' doesn't exist pour la requête SHOW FULL COLUMNS FROM <code>wp_wpml_mails</code> faite par do_action('admin_init'), WP_Hook->do_action, WP_Hook->apply_filters, TG_Demo_Importer->reset_wizard_actions, wp_install, wp_new_blog_notification, wp_mail, apply_filters('wp_mail'), WP_Hook->apply_filters, No3x\WPML\WPML_Plugin->log_email, No3x\WPML\ORM\BaseModel->save
[17-Feb-2020 17:36:22 UTC] Erreur de la base de données WordPress Table 'xxxxxxxx.wp_wpml_mails' doesn't exist pour la requête SELECT * FROM <code>wp_wpml_mails</code> WHERE <code>mail_id</code> = '0' faite par do_action('admin_init'), WP_Hook->do_action, WP_Hook->apply_filters, TG_Demo_Importer->reset_wizard_actions, wp_install, wp_new_blog_notification, wp_mail, do_action('wp_mail_failed'), WP_Hook->do_action, WP_Hook->apply_filters, No3x\WPML\WPML_Plugin->log_email_failed, No3x\WPML\ORM\BaseModel::find_one, No3x\WPML\ORM\BaseModel::find_one_by
[17-Feb-2020 17:36:22 UTC] PHP Warning:  mysqli_real_escape_string() expects parameter 2 to be string, object given in /home/xxxxxxxx/public_html/wp-includes/wp-db.php on line 1165
[17-Feb-2020 17:36:22 UTC] PHP Recoverable fatal error:  Object of class WP_Error could not be converted to string in /home/xxxxxxxx/public_html/wp-content/plugins/litespeed-cache/inc/vary.class.php on line 362
[17-Feb-2020 18:10:59 UTC] PHP Warning:  mysqli_real_escape_string() expects parameter 2 to be string, object given in /home/xxxxxxxx/public_html/wp-includes/wp-db.php on line 1165
[17-Feb-2020 18:10:59 UTC] PHP Warning:  mysqli_real_escape_string() expects parameter 2 to be string, object given in /home/xxxxxxxx/public_html/wp-includes/wp-db.php on line 1165
[17-Feb-2020 18:10:59 UTC] PHP Warning:  mysqli_real_escape_string() expects parameter 2 to be string, object given in /home/xxxxxxxx/public_html/wp-includes/wp-db.php on line 1165
[17-Feb-2020 18:10:59 UTC] PHP Warning:  mysqli_real_escape_string() expects parameter 2 to be string, object given in /home/xxxxxxxx/public_html/wp-includes/wp-db.php on line 1165

Thanks a lot for your help

• This topic was modified 5 years, 1 month ago by Marius L. J..
• This topic was modified 5 years, 1 month ago by Marius L. J.. Reason: Fixed log formatting