• Resolved esia168

    (@esia168)


    Hi, does this plugin have a reported security issue? I was warned by Wordfence that a file in this plugin was modified!!!

    wp-content/plugins/woo-save-abandoned-carts/admin/class-woo-live-checkout-field-capture-admin-table.php

    Modified into:
    $total_items = $wpdb->get_var("SELECT COUNT(id) FROM {$table_name}");

    You can see it comes with braces that are prone to SQL injection. Omg.

    I saw at least one of these.

    • This topic was modified 5 years, 6 months ago by Andrew Nevins.
    • This topic was modified 5 years, 6 months ago by Andrew Nevins. Reason: Removed vulnerability disclosure
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Streamline

    (@streamlinestar)

    Hi @esia168

    Thanks for being so vigilant. We did some small security tests and have since released a new version that has improved the security of our product and is now completely secure against any SQL injections.
    You can check out this link that reports plugin security risks related to various vulnerabilities: https://coderisk.com/wp/plugin/woo-save-abandoned-carts

    We are always looking forward to keeping our users safe and secure ??
    Thank you once again for being proactive.

    Best wishes

    Thread Starter esia168

    (@esia168)

    Hi, thanks for the info, but can you answer me specifically: did you put the curly braces on that $table_name? I want to make sure that my website is not hacked.

    $total_items = $wpdb->get_var("SELECT COUNT(id) FROM {$table_name}");

    I still can't trust this plugin yet though; it seems security has not been well implemented from the beginning. I have to uninstall for now.

    Plugin Author Streamline

    (@streamlinestar)

    Hi @esia168

    Yes, we did a test on that one line of code to see if it would be picked up as an SQL injection vulnerability by Coderisk software mentioned above.
    But now if you have the latest version you should be able to see that the line no longer has these curly braces.
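
The code line quoted in this thread is worth unpacking from a defender's point of view, because the braces themselves are a red herring: in PHP, "{$table_name}" and "$table_name" inside a double-quoted string interpolate the variable identically, so removing the braces changes nothing about injection risk. What matters is where $table_name comes from and whether anything user-controlled can reach it. The thread does not show that, so the example below is an added illustration, not the plugin's code: it contrasts a raw identifier interpolation with a version that derives the table name from $wpdb->prefix plus a fixed suffix, validates it as a plain identifier, and routes any values through $wpdb->prepare(). The FakeWpdb class is a stand-in for WordPress's $wpdb so the file runs outside WordPress; the table suffix "cartbounty" and the constructed inputs are assumptions.

```php
<?php
// Added example, not the plugin's code. FakeWpdb stands in for WordPress's $wpdb
// so this runs offline; prefix/get_var/prepare mirror the real API shape.
class FakeWpdb {
    public $prefix = 'wp_';
    public $last_query = '';
    // Records the query instead of hitting a database; 42 is a constructed result.
    public function get_var($query) { $this->last_query = $query; return 42; }
    // Minimal stand-in for wpdb::prepare(): %s becomes a quoted, escaped string, %d an int.
    public function prepare($query, ...$args) {
        $i = 0;
        return preg_replace_callback('/%[sd]/', function ($m) use ($args, &$i) {
            $v = $args[$i++];
            return $m[0] === '%d' ? (string)(int)$v : "'" . addslashes((string)$v) . "'";
        }, $query);
    }
}

// Pattern from the thread: the identifier is dropped straight into the SQL.
// Braces or not, whatever is in $table_name ends up verbatim in the query.
function count_rows_interpolated(FakeWpdb $wpdb, string $table_name) {
    return $wpdb->get_var("SELECT COUNT(id) FROM {$table_name}");
}

// Defensive pattern: the table name is built from the site prefix and a fixed
// suffix (never from request input), checked as a plain identifier, and
// backtick-quoted; filter values go through prepare().
function count_rows_fixed_table(FakeWpdb $wpdb, ?string $status = null) {
    $table = $wpdb->prefix . 'cartbounty'; // hypothetical suffix
    if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) {
        throw new InvalidArgumentException('table name is not a plain identifier');
    }
    $sql = "SELECT COUNT(id) FROM `{$table}`";
    if ($status !== null) {
        $sql .= $wpdb->prepare(' WHERE status = %s', $status);
    }
    return $wpdb->get_var($sql);
}

// Guard you can apply when an identifier genuinely has to be chosen at runtime:
// accept only names from a fixed allowlist, never arbitrary strings.
function validated_table(FakeWpdb $wpdb, string $suffix, array $allowed): string {
    if (!in_array($suffix, $allowed, true)) {
        throw new InvalidArgumentException("unknown table suffix: $suffix");
    }
    return $wpdb->prefix . $suffix;
}

$wpdb = new FakeWpdb();

// Constructed input: a non-identifier string passes straight through the raw version.
count_rows_interpolated($wpdb, 'wp_cartbounty; -- trailing text');
echo "raw:   ", $wpdb->last_query, PHP_EOL;

// The hardened version only ever queries the prefix-derived table, with values escaped.
count_rows_fixed_table($wpdb, "abandoned' OR 'x'='x");
echo "fixed: ", $wpdb->last_query, PHP_EOL;

// Allowlist check rejects anything that is not an expected table suffix.
try {
    validated_table($wpdb, 'cartbounty; -- trailing text', ['cartbounty']);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), PHP_EOL;
}
```

Two practical notes for anyone auditing a line like this in their own install: check the callers to confirm the identifier is assembled from $wpdb->prefix and string constants, and remember that $wpdb->prepare() historically handled values only, so a table or column name needs its own validation (WordPress 6.2 added the %i placeholder in prepare() for identifiers, which is the cleaner option on current cores).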

  • The topic ‘Security issue : Wordfence warn of plugin file modified !!’ is closed to new replies.