Title: Cloudways notification: Version <= 2.8.10 SQL Injection Vulnerability Last modified: October 17, 2024 --- # Cloudways notification: Version <= 2.8.10 SQL Injection Vulnerability * [virtualedgesolutions](https://wordpress.org/support/users/virtualedgesolutions/) * (@virtualedgesolutions) * [1 year, 7 months ago](https://wordpress.org/support/topic/cloudways-notification-version-2-8-10-sql-injection-vulnerability/) * I received a notification today about a detected vulnerability in this plugin. For now, I’ve disabled the plugin. Please verify the validity of the vulnerability. Since I use this plugin for my own security, I’d like to re-enable it, if it is itself secure. * Subject: Alert: Vulnerabilities detected on your application * Email body: * We are writing to inform you about a critical matter related to your website’s security. Our vulnerability detection system (powered by patchstack.com) has detected potential security vulnerabilities in your application that require immediate attention. * We strongly recommend implementing the following steps immediately: * Take a backup of your application. Update the identified core, theme, or plugin( listed below) to a newer versionIf an update is unavailable for a theme or plugin component, we recommend deleting it and replacing it with an alternative. * Here are the detected vulnerabilities in your application: WordPress Customer Email Verification for WooCommerce plugin <= 2.8.10 – SQL Injection vulnerability Viewing 8 replies - 1 through 8 (of 8 total) * Plugin Support [Abd Hindi](https://wordpress.org/support/users/abdhindi97/) * (@abdhindi97) * [1 year, 7 months ago](https://wordpress.org/support/topic/cloudways-notification-version-2-8-10-sql-injection-vulnerability/#post-18083289) * Hi there, * I will forward this notification to the development team for their review, and we will get back to you as soon as possible. * Thanks for your time. * Best regards, * [richsadams](https://wordpress.org/support/users/richsadams/) * (@richsadams) * [1 year, 7 months ago](https://wordpress.org/support/topic/cloudways-notification-version-2-8-10-sql-injection-vulnerability/#post-18085137) * I have received the same notification warning from WordFence for our site. * Plugin Name: Email Verification for WooCommerce Current Plugin Version: 2.8.10Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “Email Verification for WooCommerce” until a patched version is available. * Thank you. * Plugin Support [Taha](https://wordpress.org/support/users/tahaamin/) * (@tahaamin) * [1 year, 7 months ago](https://wordpress.org/support/topic/cloudways-notification-version-2-8-10-sql-injection-vulnerability/#post-18085247) * Hello richsadams, * We apologize for the inconvenience you’re experiencing with the same issue. Our team is still working on it, and we will keep you updated as soon as possible. * Best regards, * [fimo66](https://wordpress.org/support/users/fimo66/) * (@fimo66) * [1 year, 7 months ago](https://wordpress.org/support/topic/cloudways-notification-version-2-8-10-sql-injection-vulnerability/#post-18086689) * Hi, * i got the same info today: “…….The Email Verification for WooCommerce plugin for WordPress has a security issue that allows attackers to access sensitive information in versions up to 2.8.10. This is because the plugin does not properly handle user input and existing database queries, making it possible for attackers to add their own queries and extract information.” * My version is 2.8.10 , so any update on a fix for this urgent matter ? - This reply was modified 1 year, 7 months ago by [fimo66](https://wordpress.org/support/users/fimo66/). * Plugin Author [WPFactory](https://wordpress.org/support/users/wpcodefactory/) * (@wpcodefactory) * [1 year, 7 months ago](https://wordpress.org/support/topic/cloudways-notification-version-2-8-10-sql-injection-vulnerability/#post-18087801) * Hi everyone, * We apologize for the issue here, we’re currently working on it and a new update will be released very soon. * Thank you, * WPFactory * [richsadams](https://wordpress.org/support/users/richsadams/) * (@richsadams) * [1 year, 7 months ago](https://wordpress.org/support/topic/cloudways-notification-version-2-8-10-sql-injection-vulnerability/#post-18088990) * Thank you! * Plugin Contributor [Pablo Pacheco](https://wordpress.org/support/users/karzin/) * (@karzin) * [1 year, 7 months ago](https://wordpress.org/support/topic/cloudways-notification-version-2-8-10-sql-injection-vulnerability/#post-18089423) * Hi guys, * The new version 2.9.0 I just released should fix the issue. Please, update the plugin and let me know if you notice anything. * [richsadams](https://wordpress.org/support/users/richsadams/) * (@richsadams) * [1 year, 7 months ago](https://wordpress.org/support/topic/cloudways-notification-version-2-8-10-sql-injection-vulnerability/#post-18089510) * I’ve installed it on a staging site without encountering anything unusual. If everything continues normally I’ll go ahead and install it on a live site overnight. * Thank you! Viewing 8 replies - 1 through 8 (of 8 total) The topic ‘Cloudways notification: Version <= 2.8.10 SQL Injection Vulnerability’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/emails-verification-for-woocommerce_bcecef. svg) * [Customer Email Verification for WooCommerce](https://wordpress.org/plugins/emails-verification-for-woocommerce/) * [Frequently Asked Questions](https://wordpress.org/plugins/emails-verification-for-woocommerce/#faq) * [Support Threads](https://wordpress.org/support/plugin/emails-verification-for-woocommerce/) * [Active Topics](https://wordpress.org/support/plugin/emails-verification-for-woocommerce/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/emails-verification-for-woocommerce/unresolved/) * [Reviews](https://wordpress.org/support/plugin/emails-verification-for-woocommerce/reviews/) * 10 replies * 7 participants * Last reply from: [richsadams](https://wordpress.org/support/users/richsadams/) * Last activity: [1 year, 7 months ago](https://wordpress.org/support/topic/cloudways-notification-version-2-8-10-sql-injection-vulnerability/#post-18089510) * Status: not resolved