Title: SQL injection
Last modified: August 22, 2016

---

# SQL injection

 *  Resolved [filterit](https://wordpress.org/support/users/filterit/)
 * (@filterit)
 * [11 years, 4 months ago](https://wordpress.org/support/topic/sql-injection-10/)
 * have had a PCI scan run on a site with anspress on and it showed aspects that
   could be vulnerable to sql injection.
    Dont want to post directly which are but
   are you aware?
 * [https://wordpress.org/plugins/anspress-question-answer/](https://wordpress.org/plugins/anspress-question-answer/)

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Plugin Author [Rahul Aryan](https://wordpress.org/support/users/nerdaryan/)
 * (@nerdaryan)
 * [11 years, 4 months ago](https://wordpress.org/support/topic/sql-injection-10/#post-5682893)
 * I dont think so, but if you found then tell me the file and line number, I will
   fix it.
 *  Thread Starter [filterit](https://wordpress.org/support/users/filterit/)
 * (@filterit)
 * [11 years, 4 months ago](https://wordpress.org/support/topic/sql-injection-10/#post-5682933)
 * When a web application uses user-supplied input parameters within SQL queries
   
   without first checking them for unexpected characters, it becomes possible for
   an attacker to manipulate the query. Integer based SQL injection vulnerability
   in ap_s parameter to /anspress/tag/<<tag name>>/
 *  Plugin Author [Rahul Aryan](https://wordpress.org/support/users/nerdaryan/)
 * (@nerdaryan)
 * [11 years, 4 months ago](https://wordpress.org/support/topic/sql-injection-10/#post-5682941)
 * Already updated most of codes. But new release is in alpha so will do a quick
   fix of old version.
 *  Plugin Author [Rahul Aryan](https://wordpress.org/support/users/nerdaryan/)
 * (@nerdaryan)
 * [11 years, 4 months ago](https://wordpress.org/support/topic/sql-injection-10/#post-5682942)
 * I switched to older commit and searched for all `ap_s` parameter and I confirm
   that it is sanitized using `sanitize_text_field`, hence there is no issue.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘SQL injection’ is closed to new replies.

 * ![](https://ps.w.org/anspress-question-answer/assets/icon-256x256.png?rev=2432843)
 * [AnsPress - Question and answer](https://wordpress.org/plugins/anspress-question-answer/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/anspress-question-answer/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/anspress-question-answer/)
 * [Active Topics](https://wordpress.org/support/plugin/anspress-question-answer/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/anspress-question-answer/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/anspress-question-answer/reviews/)

 * 4 replies
 * 2 participants
 * Last reply from: [Rahul Aryan](https://wordpress.org/support/users/nerdaryan/)
 * Last activity: [11 years, 4 months ago](https://wordpress.org/support/topic/sql-injection-10/#post-5682942)
 * Status: resolved