[wp-trac] [WordPress Trac] #20489: PCI Compliance/Wordpress SQL Injection Vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Thu Apr 19 16:14:00 UTC 2012
#20489: PCI Compliance/Wordpress SQL Injection Vulnerability
--------------------------+----------------------
 Reporter:  txfright      |       Owner:
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:
Component:  General       |     Version:
 Severity:  normal        |  Resolution:  invalid
 Keywords:                |
--------------------------+----------------------
Comment (by nacin):
Or get_search_query(), if you do not want to echo it directly. (And rather
than get_query_var('s'), you may also be using `$s`. Also unsafe.)
Also, that's just cross-site scripting at that point, there's no SQL
injection here.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20489#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software