Title: Security problem
Last modified: August 19, 2016

---

# Security problem

 *  843244
 * [17 years, 9 months ago](https://wordpress.org/support/topic/security-problem-3/)
 * On one of my websites I have a WordPress installation. After an Acunetix (which
   searches for website vulnerabilities) scan, it was found that my main index was
   open to SQL injections. Details here:
 * **Blind SQL/XPath injection**
 * Vulnerability description: This script is possibly vulnerable to SQL/XPath Injection
   attacks.
 * SQL injection is a vulnerability that allows an attacker to alter backend SQL
   statements by manipulating the user input. An SQL injection occurs when web applications
   accept user input that is directly placed into a SQL statement and doesn’t properly
   filter out dangerous characters.
 * This is one of the most common application layer attacks currently being used
   on the Internet. Despite the fact that it is relatively easy to protect against,
   there is a large number of web applications vulnerable.
 * XPath Injection is an attack technique used to exploit web sites that construct
   XPath queries from user-supplied input.
 * This vulnerability affects /.
 * The impact of this vulnerability: An unauthenticated attacker may execute arbitrary
   SQL/XPath statements on the vulnerable system. This may compromise the integrity
   of your database and/or expose sensitive information.
 * Attack details: The GET variable page_id is vulnerable.
 * My WordPress version is 2.5

The topic ‘Security problem’ is closed to new replies.
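
The scanner text quoted in the post describes user input placed directly into a SQL statement. The following is an added example, not part of the original post and not WordPress code: it contrasts a `page_id` lookup built by string concatenation with one that validates the value as an integer and binds it as a parameter, and includes a regression check for the "blind" behaviour a scanner reports. The table, function names and sample values are constructed for illustration, and SQLite stands in for the site's database.

```python
import sqlite3

def make_db():
    """Constructed in-memory table standing in for a posts table (not WordPress's schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, status TEXT)")
    db.executemany("INSERT INTO posts VALUES (?, ?, ?)", [
        (1, "About", "publish"),
        (2, "Contact", "publish"),
        (3, "Unreleased pricing", "draft"),
    ])
    return db

def page_unsafe(db, page_id):
    # Vulnerable pattern: the raw GET value becomes part of the SQL text.
    sql = "SELECT title FROM posts WHERE status = 'publish' AND id = " + page_id
    return [row[0] for row in db.execute(sql)]

def page_safe(db, page_id):
    # Hardened: accept only an ASCII decimal integer, then bind it as a parameter
    # so the database never parses the value as SQL.
    if not (page_id.isascii() and page_id.isdigit()):
        return []
    sql = "SELECT title FROM posts WHERE status = 'publish' AND id = ?"
    return [row[0] for row in db.execute(sql, (int(page_id),))]

def differs_on_boolean_pair(handler, db, base="1"):
    """Regression check for blind injection: append an always-true and an
    always-false condition to the parameter. If the parameter is treated purely
    as data, both requests give the same result; a difference means the value
    reached the SQL parser."""
    true_case = handler(db, base + " AND 1=1")
    false_case = handler(db, base + " AND 1=2")
    return true_case != false_case

if __name__ == "__main__":
    db = make_db()
    for handler in (page_unsafe, page_safe):
        print(handler.__name__, "responds to injected condition:",
              differs_on_boolean_pair(handler, db))
```
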

## Tags

 * [sql injection](https://wordpress.org/support/topic-tag/sql-injection/)
 * [wordpress 2.5](https://wordpress.org/support/topic-tag/wordpress-2-5/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 0 replies
 * 1 participant
 * Last reply from: 843244
 * Last activity: [17 years, 9 months ago](https://wordpress.org/support/topic/security-problem-3/)
 * Status: not resolved

