‘Blind SQL Injection via length Parameter’ security warning

  • Resolved Serge Marcil

    (@sergemarcil)


    3 years, 5 months ago

    Hello,

    I installed TablePress and I love it. However, when I ran a security check for the website I’m currently making, I received the following message:

    wpDataTables < 3.4.2 – Blind SQL Injection via length Parameter
    The plugin allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the ‘length’ HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application.

    Note: This affect the premium version of the plugin, however, both the premium and free plugins have the same slug.

    Can someone please advise. Is this plugin safe?

    Thank you.

    Serge

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘‘Blind SQL Injection via length Parameter’ security warning’ is closed to new replies.