Title: SQL Injection in option.php (?)
Last modified: August 20, 2016

---

# SQL Injection in option.php (?)

 *  [prrg](https://wordpress.org/support/users/prrg/)
 * (@prrg)
 * [13 years, 3 months ago](https://wordpress.org/support/topic/sql-injection-in-optionphp/)
 * After installing Montezuma, my firewall plugin sent a warning:
 * WordPress Firewall has detected and blocked a potential attack!
 * Web Page: MYWEB.com/wp_admin/options.php
 * Warning: URL may contain dangerous content!
 * Offending IP: 103.3.223.95 [ Get IP location ]
 * Offending Parameter: montezuma[maintemplate-image] = <?php get_header(); ?> <div id=\”main\” class
   =\”row\”> <div id=\”content\” class=\”col12\”> <?php the_post(); ?> <div id=\”
   post-<?php the_ID(); ?>\” <?php post_class(\’cf image-attachment\’); ?>> <h1>
   <?php the_title(); ?></h1> <p> <?php the_time( \’j M Y\’ ); ?> | \”><?php bfa_parent_title();?
   > | <?php bfa_image_size(); ?> </p> <div class=\”post-bodycopy cf\”> <div class
   =\”wp-caption\”> \”><?php bfa_attachment_image( \’full\’ ); ?> <?php bfa_attachment_caption();?
   > </div> <nav class=\”singlenav cf\”> <div class=\”older\”><?php previous_image_link(
   false ); ?></div> <div class=\”newer\”><?php next_image_link( false ); ?></div
   > </nav> <div class=\”entry-description\”> <?php the_content(); ?> <?php wp_link_pages(
   array( \’before\’ => \'<div class=\”page-links\”>\’ . __( \’Pages:\’, \’montezuma\’),\’
   after\’ => \'</div>\’ ) ); ?> </div> </div> <?php edit_post_link( __( \”Edit\”,\’
   montezuma\’ ) ); ?> <div class=\”post-footer\”> <p><?php bfa_image_meta(); ?>
   </p> </div> </div> <?php comments_template(); ?> </div> </div> <?php get_footer();?
   >
 * This may be a “WordPress-Specific SQL Injection Attack.”

 * 0 replies
 * 1 participant
 * Status: not resolved