How To Find SQL Injection Vulnerabilities in WordPress Plugins and Themes

SQL Injection (SQLi), a vulnerability almost as old as database-driven web applications themselves (CWE-89), persists as a classic example of failing to neutralize user-supplied input before it’s used in a SQL query. So why does this well-understood vulnerability type continue to exist?
In the WordPress space, the WordPress core development team has made a number of database functions available via its API. These functions abstract away the common use cases for database queries and are intended to do so in a way that prevents the developer from introducing SQL injection vulnerabilities.
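
As an added illustration (not code from the original article or from Wordfence), the following triage script flags calls to the raw-SQL methods of WordPress's `$wpdb` object whose query string is built from a PHP variable without going through `$wpdb->prepare()`. The `$wpdb` method names are the real WordPress API; the Python function names and the PHP sample are constructed for this example.

```python
import re

# Real $wpdb methods that execute a SQL string exactly as given.
CALL_RE = re.compile(r"\$wpdb->(query|get_results|get_row|get_col|get_var)\s*\(")
VAR_RE = re.compile(r"\$(?!wpdb\b)[A-Za-z_]\w*")   # any PHP variable except $wpdb
ASSIGN_RE = re.compile(r"(\$\w+)\s*=\s*\$wpdb->prepare\s*\(")

def call_argument(src, open_paren):
    """Return the text between the '(' at open_paren and its matching ')'."""
    depth, quote, i = 0, None, open_paren
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == "\\":
                i += 1                    # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch in "()":
            depth += 1 if ch == "(" else -1
            if depth == 0:
                return src[open_paren + 1:i]
        i += 1
    return src[open_paren + 1:]           # unbalanced input: take the rest

def find_unprepared_queries(src):
    """Return (line, method) for calls whose SQL uses a variable without prepare()."""
    prepared = set(ASSIGN_RE.findall(src))  # file-wide, not flow-sensitive
    findings = []
    for m in CALL_RE.finditer(src):
        arg = call_argument(src, m.end() - 1).strip()
        if arg.replace(" ", "").startswith("$wpdb->prepare(") or arg in prepared:
            continue
        if VAR_RE.search(arg):
            findings.append((src.count("\n", 0, m.start()) + 1, m.group(1)))
    return findings

# Constructed sample source, not taken from any real plugin.
SAMPLE = r'''<?php $id = $_GET['id'];
$a = $wpdb->get_results("SELECT * FROM {$wpdb->posts} WHERE ID = $id");
$b = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$wpdb->posts} WHERE ID = %d", $id));
$sql = $wpdb->prepare("SELECT post_title FROM {$wpdb->posts} WHERE ID = %d", $id);
$c = $wpdb->get_var($sql);
$d = $wpdb->query("DELETE FROM {$wpdb->prefix}demo_log WHERE u = '" . $_POST['u'] . "'");
$e = $wpdb->get_col("SELECT ID FROM {$wpdb->posts}");
'''

if __name__ == "__main__":
    print(find_unprepared_queries(SAMPLE))
```

This is a review aid, not a verdict: a flagged call still needs a manual check of where the variable comes from, and queries assembled across several statements or inside helper functions are outside what this pattern match can see.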
The post How To Find SQL Injection Vulnerabilities in WordPress Plugins and Themes appeared first on Wordfence.