SQL Injection vulnerability
WordPress Pre* Party Resource Hints Plugin <= 1.8.18 is vulnerable to SQL Injection
https://patchstack.com/database/vulnerability/pre-party-browser-hints/wordpress-pre-party-resource-hints-plugin-1-8-18-sql-injection-vulnerability?_a_id=110
Any update on an upcoming patched version?
Hello.
Thank you for this great plugin. Are there any updates planned to fix this?
Looking forward to hearing from you.
The link posted above doesn’t say anything specific about where the supposed vulnerability is, or how it can be reproduced. Without that information, how am I supposed to begin fixing it?
The Wordfence Security plugin reported this vulnerability and is recommending deactivating your plugin until it is fixed. Is there any estimate for when this flaw will be corrected?
“SQL Injection vulnerability”
Edit: link to the Wordfence page
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/pre-party-browser-hints/pre-party-resource-hints-1818-authenticatedadministrator-sql-injection-
This reply was modified 2 years ago by Yui.
This reply was modified 2 years ago by darlanoliveira.
Hello Sam,
If the Wordfence link does not provide enough information to help you identify the vulnerability you can always contact the researcher to help you identify the place you will need to patch.
Here is his personal website with contact info https://daffa.info/
Thank you
Hi Sam.
Wanted to pass along that wpengine is reporting the same. I don't have any more information about the issue other than what they post here:
Hope it helps in some way.
Pre* Party Resource Hints 1.8.18
- Security risk: sqli. The plugin contains a vulnerability wherein unauthenticated visitors could inject SQL statements into WordPress. SQL injection could allow an attacker to gain control of your site. Severity: medium Fixed in: no fix yet
This reply was modified 2 years ago by Step By Step 3D.
Hello Sam (Plugin Author),
Thank you for your input and the valuable references shared by previous contributors, including the links to Patchstack and the reports by Muhammad Daffa. After reviewing Muhammad’s history of reporting, I’ve noticed a recurring theme of SQL Injection vulnerabilities.
Having examined some of these reports in relation to your current plugin version, I suggest focusing on the file located at
plugins/pre-party-browser-hints/includes/common/DAO.php, specifically in the get_admin_hints_query method, at line 140:

    " ORDER BY $order_by $order"

It appears that this section could benefit from an update, possibly along the lines of what follows.

    $order_by_sql = sanitize_sql_orderby( "{$order_by} {$order}" );
    $new_query['sql'] .= " ORDER BY $order_by_sql";

Kind Regards,
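As an added example (not the plugin's code and not the poster's suggestion), the raw " ORDER BY $order_by $order" interpolation is shown beside an allowlist-based builder of the kind sanitize_sql_orderby() is meant to support; note that sanitize_sql_orderby() returns false on malformed input, so a caller must fall back to a default rather than append it blindly. The column names and table name below are assumed for illustration only.

```php
<?php
// Added example, not the plugin's code. Assumed column names and table
// name are placeholders chosen for illustration.
const ALLOWED_ORDER_BY = ['id', 'url', 'hint_type', 'created_date'];
const ALLOWED_ORDER    = ['ASC', 'DESC'];

/**
 * The pattern discussed in the thread: request values interpolated
 * straight into the ORDER BY clause. Kept only for contrast; do not use.
 */
function build_order_by_unsafe(string $sql, string $order_by, string $order): string
{
    return $sql . " ORDER BY $order_by $order";
}

/**
 * Hardened version: accept only known column names and sort directions.
 * Anything else falls back to a fixed default, which is also the right
 * handling when a validator such as WordPress's sanitize_sql_orderby()
 * returns false instead of a string.
 */
function build_order_by_safe(string $sql, string $order_by, string $order): string
{
    $column = in_array($order_by, ALLOWED_ORDER_BY, true) ? $order_by : 'id';
    $dir    = strtoupper($order);
    $dir    = in_array($dir, ALLOWED_ORDER, true) ? $dir : 'ASC';
    // Backtick-quote the (now allowlisted) identifier; the direction is a
    // fixed keyword, so plain interpolation is safe here.
    return $sql . " ORDER BY `$column` $dir";
}

// Constructed sample inputs: a legitimate request and a malformed one.
$base = 'SELECT id, url FROM wp_example_hints'; // assumed table name
$samples = [
    ['url', 'desc'],
    ['url, (SELECT 1)', 'ASC'], // not a bare column name: must be rejected
];
foreach ($samples as [$by, $dir]) {
    echo 'unsafe: ', build_order_by_unsafe($base, $by, $dir), PHP_EOL;
    echo 'safe:   ', build_order_by_safe($base, $by, $dir), PHP_EOL;
}
```

Running it shows the unsafe builder emitting whatever it was handed, while the safe builder produces ORDER BY `id` ASC for the malformed sample.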
This issue has been fixed with 1.8.19.
Hi Sam,
This patch does not appear to have fixed the issue.
https://patchstack.com/database/vulnerability/pre-party-browser-hints
The vulnerability appears to be still present. The link above was last updated with the latest release 1.8.19 and still states:

Vulnerability history
1 present
0 patched
I’m not 100% sure this is it, but it might be worth looking at the comment I made last week to see if sanitize_sql_orderby, sanitizing the order and order by variables, helps.
It might be best to reach out to the reporter, Muhammad Daffa, to see if they can provide more information. Alternatively, Patchstack may be able to shed some light on it: [email protected].
Kind Regards,
This reply was modified 2 years ago by Anthony Thorne.
The Wordfence listing for this vulnerability still says it hasn’t been patched as well:
This thread was marked as resolved, but the issue still persists.
Can we get an update on when a confirmed patched version will be made available?
The topic ‘SQL Injection vulnerability’ is closed to new replies.