Title: IMPORTANT FOR THE DEVELOPER – SECURITY EXPLOIT Last modified: August 20, 2016 --- # IMPORTANT FOR THE DEVELOPER – SECURITY EXPLOIT * Resolved [Jon taylor](https://wordpress.org/support/users/jon-taylor/) * (@jon-taylor) * [13 years, 6 months ago](https://wordpress.org/support/topic/important-for-the-developer-security-exploit/) * An exploit has been discovered. I have been running this version of the plugin and have been hacked twice in as many weeks. I have gone through my logs and found the source of the exploit is via the marker_listings.xml * After a quick search on Google, I found this. * [http://dl.packetstormsecurity.net/1211-exploits/wpfirestormrealestate-sql.txt](http://dl.packetstormsecurity.net/1211-exploits/wpfirestormrealestate-sql.txt) * Hope thats of some help in getting this hole plugged up. * [http://wordpress.org/extend/plugins/fs-real-estate-plugin/](http://wordpress.org/extend/plugins/fs-real-estate-plugin/) Viewing 1 replies (of 1 total) * Plugin Author [FireStorm Plugins](https://wordpress.org/support/users/wfernley/) * (@wfernley) * [13 years, 6 months ago](https://wordpress.org/support/topic/important-for-the-developer-security-exploit/#post-3213800) * Hello, what version were you running when you were hacked? Have you upgraded to the latest version? * The link says this exploit is for version 2.06.08 however I don’t see how this is possible. That version includes a check (which is also displayed on that link) that checks to make sure the ID is numeric. If they try to inject any text to exploit/hack your website, it stops the page from loading as a security feature. There is also a secondary check to watch for any SQL injections in the plugin where the user tries to access the wp_users cell. * In a nutshell, if running version 2.06.08, this hack should not work. * Hope that helps! * Wes Viewing 1 replies (of 1 total) The topic ‘IMPORTANT FOR THE DEVELOPER – SECURITY EXPLOIT’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/fs-real-estate-plugin_35739e.svg) * [FireStorm Professional Real Estate Plugin](https://wordpress.org/plugins/fs-real-estate-plugin/) * [Support Threads](https://wordpress.org/support/plugin/fs-real-estate-plugin/) * [Active Topics](https://wordpress.org/support/plugin/fs-real-estate-plugin/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/fs-real-estate-plugin/unresolved/) * [Reviews](https://wordpress.org/support/plugin/fs-real-estate-plugin/reviews/) * 1 reply * 2 participants * Last reply from: [FireStorm Plugins](https://wordpress.org/support/users/wfernley/) * Last activity: [13 years, 6 months ago](https://wordpress.org/support/topic/important-for-the-developer-security-exploit/#post-3213800) * Status: resolved