Get started today. Now with 10-16% off!

Get started

SQLi (SQL Injection)

1,000,000 WordPress Web Sites Affected by an Unauthenticated SQL Injection Vulnerability in LayerSlider Plugin 7.9.11 – 7.10.0

Apr 2, 2024 |

The LayerSlider plugin for WordPress (versions between 7.9.11 and 7.10.0) is vulnerable to an Unauthenticated SQL Injection. It is mandatory to immediately update to the latest patched version of the plugin that solves the problem. In order to avoid web site crashes and to assure timely security updates it is best to use our WordPress Maintenance Service. LayerSlider Plugin 7.9.11 – 7.10.0 - Unauthenticated SQL Injection Plugin slug: LayerSlider Update to version: 7.10.1 The breach can be done trough the ls_get_popup_markup action due to insufficient escaping on the user supplied parameter...

read more

WordPress Core 6.0.3 Security Release

Oct 18, 2022 |

On October 17, 2022, the WordPress core team released WordPress version 6.0.3, which contains patches for a total of 16 vulnerabilities, including SQL injection, stored XSS, open redirect, data exposure and cross-site request forgery vulnerabilities. The good news is that most of these are low in severity or require a highly privileged user account or additional vulnerable code in order to exploit. Anyway because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. Note, that in order to avoid web site...

read more

WordPress Core 6.0.2 Security and Maintenance Release

Aug 31, 2022 |

On August 30, 2022, the WordPress core team released WordPress version 6.0.2, which contains patches for 3 vulnerabilities, including a High Severity SQLi vulnerability in the Links functionality as well as two Medium Severity Cross-Site Scripting vulnerabilities. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. Note, that in order to avoid web site crashes and to assure timely security updates it is best to use our WordPress Maintenance Service. WordPress <= 6.0.1 - Authenticated...

read more

Unauthenticated SQL Injection Vulnerability Patched in WordPress Statistics Plugin <= 13.1.5

Feb 7, 2022 |

On February 7, 2022, Security Researcher Cyku Hong from DEVCORE reported a vulnerability to us that they discovered in WP Statistics, a WordPress plugin installed on over 600,000 sites. This vulnerability made it possible for unauthenticated attackers to execute arbitrary SQL queries by appending them to an existing SQL query and affected versions are <= 13.1.4. This could be used to extract sensitive information like password hashes and secret keys from the database. Later on a new vulnerability has been discovered by Muhammad Zeeshan for versions <= 13.1.5 (including the patched...

read more

What Is SQL Injection (SQLi)

May 24, 2021 |

Improper Neutralization of Special Elements used in an SQL Command The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. This can be used to alter query logic to bypass security checks, or to...

read more

Standard Plan

$6999USD/m NOW $58/m89/m
billed yearly or $99 $89 month-by-monthmonthly and $149 set-up fee

WordPress Maintenance and Security Updates

We will update your WordPress core, plugins and themes constantly plus you will get 20 more security features.

Save $360/yearly (30%)
and avoid $149 set-up fee!
Save additional 1610% NOW!

Pay $699 yearly ($58/month)Pay $238 now, $89 monthly afterwards

Sign Up Now

Available for websites with themes and plugins from WordPress.org repository only.

Check Our Plans

Sign up for the security newsletter

Terms and Conditions - Privacy Policy