https://www.pluginvulnerabilities.com/2017/04/25/security-tip-for-developers-avoid-using-esc_sql-when-trying-to-prevent-sql-injection-vulnerabilities/

Two weeks ago there was a discussion on our post detailing a vulnerability in the plugin Gallery – Video Gallery about the escaping method used to fix a SQL injection vulnerability in the plugin. While the changes made look to have fixed the issue, they were less than ideal. Part of the issue was that instead of using a prepared statement to
