Suggestion: Prevent SQL-Injection, add Nonces
Current version 0.1.1 might be vulnerable to SQL-Injection: $_GET['s'], $_GET['orderby'] and $_GET['order'] are used directly in a SQL statement passed to $wpdb->get_results().
Would recommend $wpdb->prepare(), more here: https://codex.www.ads-software.com/Class_Reference/wpdb#Protect_Queries_Against_SQL_Injection_Attacks
Please also consider using https://codex.www.ads-software.com/WordPress_Nonces
Also: Fix contact form on your website.
Thanks.
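To illustrate the two suggestions in the post, here is an added example (not the plugin's own code, and not written by the poster) showing a listing query that takes `s`, `orderby` and `order` from the request, first in the vulnerable concatenated form and then hardened with `$wpdb->prepare()`, an allow-list for the identifier parts, and a nonce check. The table `{$wpdb->prefix}example_items` and its columns `id`, `title`, `created` are hypothetical, as is the nonce action name `example_items_list`; the code assumes it runs inside WordPress so that `$wpdb` and the WP helper functions exist.

```php
<?php
// Added example, not the plugin's code. Hypothetical table and columns:
// {$wpdb->prefix}example_items (id, title, created). Requires WordPress.

// Vulnerable form: raw request values concatenated straight into SQL.
function example_items_unsafe() {
    global $wpdb;
    $table = $wpdb->prefix . 'example_items';
    $sql   = "SELECT * FROM $table WHERE title LIKE '%" . $_GET['s'] . "%'"
           . " ORDER BY " . $_GET['orderby'] . " " . $_GET['order'];
    return $wpdb->get_results( $sql );
}

// Hardened form.
function example_items_safe() {
    global $wpdb;
    $table = $wpdb->prefix . 'example_items';

    // Nonce check: the link or form that leads here must have been built with
    // wp_nonce_url( $url, 'example_items_list' ) or wp_nonce_field( 'example_items_list' ).
    if ( ! isset( $_GET['_wpnonce'] ) || ! wp_verify_nonce( $_GET['_wpnonce'], 'example_items_list' ) ) {
        wp_die( 'Invalid request.' );
    }

    // Search term: unslash, sanitize, escape LIKE wildcards, then bind as a %s placeholder.
    $search = isset( $_GET['s'] ) ? sanitize_text_field( wp_unslash( $_GET['s'] ) ) : '';
    $like   = '%' . $wpdb->esc_like( $search ) . '%';

    // Column names and sort direction are identifiers, not values, so they cannot be
    // bound with %s/%d; restrict them to a fixed allow-list instead.
    $allowed_columns = array( 'id', 'title', 'created' );
    $orderby = isset( $_GET['orderby'] ) ? sanitize_key( $_GET['orderby'] ) : 'id';
    if ( ! in_array( $orderby, $allowed_columns, true ) ) {
        $orderby = 'id';
    }
    $order = ( isset( $_GET['order'] ) && 'desc' === strtolower( $_GET['order'] ) ) ? 'DESC' : 'ASC';

    // Only the search value is a placeholder; the identifiers were validated above.
    $sql = $wpdb->prepare(
        "SELECT * FROM {$table} WHERE title LIKE %s ORDER BY {$orderby} {$order}",
        $like
    );
    return $wpdb->get_results( $sql );
}
```

The allow-list is the important part for `orderby` and `order`: `prepare()` quotes values, so passing a column name through `%s` would produce `ORDER BY 'title'`, which is not what is wanted. WordPress 6.2 added a `%i` identifier placeholder to `prepare()`, but validating against a known list of columns works on every version and also rejects columns the plugin never meant to expose.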
Viewing 1 replies (of 1 total)