Title: SQL-injection
Last modified: February 8, 2017

---

# SQL-injection

 *  [ak](https://wordpress.org/support/users/apkoponen/)
 * (@apkoponen)
 * [10 years, 9 months ago](https://wordpress.org/support/topic/sql-injection-19/)
 * This plugin has a SQL-injection vulnerability in at least Filter.php appendWhere-
   function. Date range $_GET[] are not being sanitized and are appended with through
   posts_where filter.

Viewing 1 replies (of 1 total)

 *  Plugin Author [Roni Saha](https://wordpress.org/support/users/ronisaha/)
 * (@ronisaha)
 * [9 years, 3 months ago](https://wordpress.org/support/topic/sql-injection-19/#post-8784031)
 * Thanks for the review.
    The vulnerability was fixed at V1.6. You can give it 
   another try.
 * Thanks

Viewing 1 replies (of 1 total)

The topic ‘SQL-injection’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/easy-filter_213951.svg)
 * [Easy Filter](https://wordpress.org/plugins/easy-filter/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/easy-filter/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/easy-filter/)
 * [Active Topics](https://wordpress.org/support/plugin/easy-filter/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/easy-filter/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/easy-filter/reviews/)

 * 1 reply
 * 2 participants
 * Last reply from: [Roni Saha](https://wordpress.org/support/users/ronisaha/)
 * Last activity: [9 years, 3 months ago](https://wordpress.org/support/topic/sql-injection-19/#post-8784031)