Title: SQL issues with HDW Player Plugin
Last modified: August 22, 2016

---

# SQL issues with HDW Player Plugin

 *  [Millennial Monitor](https://wordpress.org/support/users/millennial-monitor/)
 * (@millennial-monitor)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/sql-issues-with-hdw-player-plugin/)
 * SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-
   player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated
   administrators to execute arbitrary SQL commands via the id parameter in the 
   edit action to wp-admin/admin.php. See: [SecuriTeam](http://www.securiteam.com/securitynews/6C03N0KC1A.html)
 * SQL injection is a code injection technique, used to attack data-driven applications,
   in which malicious SQL statements are inserted into an entry field for execution(
   e.g. to dump the database contents to the attacker). See: [SQL Injection](http://en.wikipedia.org/wiki/SQL_injection)
 * ALWAYS DO DUE DILIGENCE BEFORE DOWNLOADING PLUGINS
 * [https://wordpress.org/plugins/hdw-player-video-player-video-gallery/](https://wordpress.org/plugins/hdw-player-video-player-video-gallery/)

Viewing 1 replies (of 1 total)

 *  Plugin Author [hdw player](https://wordpress.org/support/users/hdw-player/)
 * (@hdw-player)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/sql-issues-with-hdw-player-plugin/#post-5788661)
 * SQL injection vulnerability had been resolved and updated in the version of HDW
   Player (3.2).
 * The current version of HDW Player is 3.4.
 * Regards,
    HDW Player

Viewing 1 replies (of 1 total)

The topic ‘SQL issues with HDW Player Plugin’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/hdw-player-video-player-video-gallery.
   svg)
 * [HDW Player Plugin (Video Player & Video Gallery)](https://wordpress.org/plugins/hdw-player-video-player-video-gallery/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/hdw-player-video-player-video-gallery/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/hdw-player-video-player-video-gallery/)
 * [Active Topics](https://wordpress.org/support/plugin/hdw-player-video-player-video-gallery/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/hdw-player-video-player-video-gallery/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/hdw-player-video-player-video-gallery/reviews/)

 * 1 reply
 * 2 participants
 * Last reply from: [hdw player](https://wordpress.org/support/users/hdw-player/)
 * Last activity: [11 years, 3 months ago](https://wordpress.org/support/topic/sql-issues-with-hdw-player-plugin/#post-5788661)
 * Status: not resolved