SQL Injection (SQLi), a vulnerability almost as old as database-driven web applications themselves (CWE-89), persists as a classic example of failing to neutralize user-supplied input before it’s used in a SQL query. So why does this well-understood vulnerability type continue to exist?
In the WordPress space, the WordPress core development team has made a number of database functions available via its API. These functions abstract away all the common use-cases for database queries and intend to do so in a way that prevents SQL injection vulnerabilities from being introduced by the developer.
The post How To Find SQL Injection Vulnerabilities in WordPress Plugins and Themes appeared first on Wordfence.
This article has been indexed from Blog – Wordfence
Read the original article: