if ($_POST['delete_me'] == "yes") {
    mysql_query("DELETE FROM wp_users WHERE id='".$_POST['user_ID']."'");
    echo '<script type="text/javascript">window.location = "'.get_option('siteurl') . '/wp-login.php"</script>';
}
This is stupid, as $_POST['user_ID'] is never sanitized, and if I pass 1 OR 1 as the ID, the plugin will happily delete ALL users from the database.
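
A hardened form of the same handler, as an added example (not the plugin's code). It assumes it runs inside a WordPress plugin; the function name `delete_me_handle_request` and the nonce action `delete_me_account` are hypothetical.

```php
<?php
// Added example: hardened counterpart of the handler above.
// Assumptions: loaded inside WordPress; delete_me_handle_request and the
// 'delete_me_account' nonce action are hypothetical names, and the form
// that posts here was rendered with wp_nonce_field( 'delete_me_account' ).
function delete_me_handle_request() {
    if ( ! isset( $_POST['delete_me'] ) || 'yes' !== $_POST['delete_me'] ) {
        return;
    }

    // Only an authenticated user may ask for a deletion.
    if ( ! is_user_logged_in() ) {
        wp_die( 'You must be logged in.', '', array( 'response' => 403 ) );
    }

    // Reject requests that did not come from our own form.
    if ( ! isset( $_POST['_wpnonce'] )
        || ! wp_verify_nonce( $_POST['_wpnonce'], 'delete_me_account' ) ) {
        wp_die( 'Invalid request.', '', array( 'response' => 403 ) );
    }

    // The ID comes from the session, never from the request body.
    $user_id = get_current_user_id();

    // If user_ID is still posted, reduce it to an integer and require it to
    // match the session: "1 OR 1" becomes 1 and is refused for anyone else.
    if ( isset( $_POST['user_ID'] ) && absint( $_POST['user_ID'] ) !== $user_id ) {
        wp_die( 'Invalid user ID.', '', array( 'response' => 400 ) );
    }

    // Parameterized delete: %d binds the value as an integer, so input can
    // no longer alter the structure of the WHERE clause.
    global $wpdb;
    $wpdb->query(
        $wpdb->prepare( "DELETE FROM {$wpdb->users} WHERE ID = %d", $user_id )
    );

    wp_safe_redirect( wp_login_url() );
    exit;
}
add_action( 'init', 'delete_me_handle_request' );
```

In a real plugin, core's `wp_delete_user()` is preferable to a direct `DELETE`, since it also removes the user's metadata.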