#20489 closed defect (bug) (invalid)
PCI Compliance/Wordpress SQL Injection Vulnerability
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | General | Keywords: | |
| Focuses: | | Cc: | |
Description
Hello,
SecurityMetrics is failing my site because there is an SQL injection vulnerability.
Here is a recent email from SecurityMetrics:
The website http://www.texasfrightmareweekend.com/ currently has several SQL injection and Cross Site Scripting vulnerabilities that are flagging. I was able to validate that user input is not being sanitized. If you go to this link:
You can see that I was able to inject a script command into the search field of the page and the server responded by creating the alert box.
In order to resolve these issues the website will need to be sanitizing all user input, including the URL itself. This means that any special characters that are entered by a user are dynamically changed by the website or create an error.
Once you have been able to sanitize the site we need to run a new scan to reflect those changes. You are able to start a new scan at any time from your account summary page by using the 'run' button, or if you prefer we are happy to start a scan at your request.
If you have any questions please let us know. Our support staff is available 24 hours a day at 801.705.5700, or you are welcome to reply to this email.
Is there a fix for this?
The fix is to use `the_search_query()` instead of `echo get_query_var('s')` in your theme. You can see an example in the bundled Twentyeleven theme.
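An added illustration of the two theme patterns contrasted in the reply (not code from the ticket or from WordPress core itself), as a `searchform.php` fragment that assumes a WordPress theme context where `get_query_var()`, `the_search_query()`, `esc_url()` and `home_url()` are available:

```php
<?php
/*
 * searchform.php fragment (added example, assumes a WordPress theme context).
 * Both forms reflect the current search term back into the search box; only
 * the second one escapes it for an HTML attribute.
 */

// VULNERABLE pattern (the one the ticket describes): get_query_var('s') returns
// the raw value of the "s" query parameter. Echoing it unescaped inside
// value="..." lets a term containing a double quote or angle brackets break out
// of the attribute and inject markup, i.e. the reflected XSS the scanner flagged.
?>
<form role="search" method="get" action="<?php echo esc_url( home_url( '/' ) ); ?>">
    <input type="text" name="s" value="<?php echo get_query_var( 's' ); ?>" />
    <input type="submit" value="Search" />
</form>

<?php
// FIXED pattern: the_search_query() echoes the term after passing it through
// esc_attr(), so a constructed term such as  "><b>x  is emitted as
// &quot;&gt;&lt;b&gt;x and stays inside the attribute value.
?>
<form role="search" method="get" action="<?php echo esc_url( home_url( '/' ) ); ?>">
    <input type="text" name="s" value="<?php the_search_query(); ?>" />
    <input type="submit" value="Search" />
</form>
```

When reviewing a theme, grep for `get_query_var( 's' )` and `$_GET['s']` in templates; any occurrence echoed into HTML without `esc_attr()` or `the_search_query()` is the same defect.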