Title: Vulnerable to SQL Injection
Last modified: January 24, 2024

---

# Vulnerable to SQL Injection

 *  Resolved [Anthony Thorne](https://wordpress.org/support/users/anthonythorne/)
 * (@anthonythorne)
 * [2 years, 2 months ago](https://wordpress.org/support/topic/vulnerable-to-sql-injection/)
 * Hello Sam,
 * I hope this message finds you well. I wanted to draw your attention to a potential
   SQL injection vulnerability in your plugin, as detailed in this support thread:
   [WordPress.org Support Topic](https://wordpress.org/support/topic/sql-injection-vulnerability-16/)
   (which was mistakenly closed as resolved) and the Patchstack database [here](https://patchstack.com/database/vulnerability/pre-party-browser-hints).
   Despite the latest patch (version 1.8.19), the issue seems unresolved, with Patchstack
   still indicating “1 present, 0 patched” under the vulnerability history.
 * I recommend revisiting my previous comment from two weeks ago, where I suggested
   using `sanitize_sql_orderby` for sanitizing the ‘order’ and ‘order by’ variables.
   This can be located in `plugins/pre-party-browser-hints/includes/common/DAO.php`,
   specifically in the `get_admin_hints_query` method; look for
   `" ORDER BY $order_by $order"`. This could potentially address the issue.
 * Furthermore, it might be prudent to contact [Muhammad Daffa](https://patchstack.com/database/researcher/9978374f-fb8b-4f96-be73-7a74d79c2b84)
   for further assistance.
 * Thank you for your attention to this matter.
 * Kind Regards,
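An added example (not the plugin's code, nor part of any post in this thread) showing the unsafe `ORDER BY` concatenation the report describes next to an allowlisted version that also runs the value through WordPress's `sanitize_sql_orderby` when it is available. The column names in `HINT_ORDER_COLUMNS` are assumed for illustration; the plugin's real schema may differ.

```php
<?php
// Added example: building the ORDER BY clause of an admin listing query safely.
// ORDER BY identifiers cannot be bound as prepared-statement parameters, so the
// column and direction must be validated against an allowlist before they are
// placed into SQL text. Column names below are assumed, not the plugin's schema.

const HINT_ORDER_COLUMNS = ['id', 'url', 'hint_type', 'created_date']; // assumed
const DEFAULT_ORDER_BY   = 'id';
const DEFAULT_ORDER      = 'ASC';

// The pattern reported in the thread: request-controlled values are interpolated
// directly into the query string, so any SQL text in them becomes part of the query.
function vulnerable_order_clause(string $order_by, string $order): string {
    return " ORDER BY $order_by $order";
}

// Hardened version: only an allowlisted column and ASC/DESC survive; anything
// else silently falls back to the defaults.
function safe_order_clause(string $order_by, string $order): string {
    $column = in_array($order_by, HINT_ORDER_COLUMNS, true) ? $order_by : DEFAULT_ORDER_BY;
    $dir    = strtoupper($order);
    $dir    = in_array($dir, ['ASC', 'DESC'], true) ? $dir : DEFAULT_ORDER;
    $clause = "$column $dir";

    // Inside WordPress, sanitize_sql_orderby() gives a second check of the final
    // "column ASC|DESC" form; it returns false when the string is not well-formed.
    if (function_exists('sanitize_sql_orderby')) {
        $clause = sanitize_sql_orderby($clause) ?: DEFAULT_ORDER_BY . ' ' . DEFAULT_ORDER;
    }
    return " ORDER BY $clause";
}

// Constructed inputs: one legitimate sort request and one malformed one.
foreach ([['url', 'desc'], ['id -- tail', 'ASC; x']] as [$order_by, $order]) {
    echo "input:      [$order_by] [$order]\n";
    echo "vulnerable:" . vulnerable_order_clause($order_by, $order) . "\n";
    echo "hardened:  " . safe_order_clause($order_by, $order) . "\n\n";
}
```

The malformed input reaches the query unchanged through `vulnerable_order_clause` but is reduced to `ORDER BY id ASC` by `safe_order_clause`.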


 *  [Jakours2](https://wordpress.org/support/users/jakours2/)
 * (@jakours2)
 * [2 years, 2 months ago](https://wordpress.org/support/topic/vulnerable-to-sql-injection/#post-17372666)
 * +1
 *  Plugin Author [Sam Perrow](https://wordpress.org/support/users/samperrow/)
 * (@samperrow)
 * [2 years, 2 months ago](https://wordpress.org/support/topic/vulnerable-to-sql-injection/#post-17377675)
 * I will try to find some time over the next few days to resolve this. I have been
   very busy lately and haven’t been able to get to it.
 *  [Azrael3000](https://wordpress.org/support/users/azrael3000/)
 * (@azrael3000)
 * [2 years, 2 months ago](https://wordpress.org/support/topic/vulnerable-to-sql-injection/#post-17419440)
 * Any update on this?
 *  Plugin Author [Sam Perrow](https://wordpress.org/support/users/samperrow/)
 * (@samperrow)
 * [2 years, 1 month ago](https://wordpress.org/support/topic/vulnerable-to-sql-injection/#post-17433257)
 * Should be fixed with 1.8.20


The topic ‘Vulnerable to SQL Injection’ is closed to new replies.

 * 4 replies
 * 4 participants
 * Last reply from: [Sam Perrow](https://wordpress.org/support/users/samperrow/)
 * Last activity: [2 years, 1 month ago](https://wordpress.org/support/topic/vulnerable-to-sql-injection/#post-17433257)
 * Status: resolved