Title: WordPress vulnerability to sql injection
Last modified: October 1, 2017

---

# WordPress vulnerability to sql injection

 *  [denwist](https://wordpress.org/support/users/denwist/)
 * (@denwist)
 * [8 years, 8 months ago](https://wordpress.org/support/topic/wordpress-vulnerability-to-sql-injection/)
 * Good day!
    My wife uses WordPress. Recently I noticed there is a vulnerability
   to SQL injection. It is enough to enable debugging: /wp-config.php [`define('WP_DEBUG', true);`]
   and in the address bar put a single quote and see the following:
   [http://sokolov-denis.com/images/fix/sql-error.png](http://sokolov-denis.com/images/fix/sql-error.png)
 * Is there a new update that closes this hole in security?
 * I tested on different PHP versions, 5.3-7.1. MySQL 5.6.

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * (@sterndata)
 * Volunteer Forum Moderator
 * [8 years, 8 months ago](https://wordpress.org/support/topic/wordpress-vulnerability-to-sql-injection/#post-9546461)
 * 1. [https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/](https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/)
 * 2. I can’t reproduce that. With wp_debug enabled, `http://example.com/'`
   or `http://example.com/"` properly produces
   a 404.
 *  Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * (@sterndata)
 * Volunteer Forum Moderator
 * [8 years, 8 months ago](https://wordpress.org/support/topic/wordpress-vulnerability-to-sql-injection/#post-9546462)
 * Additional note: PHP 5.3? That’s well past EOL. You should be using at least 
   5.6 and, preferably, 7.0 or 7.1.
 *  [Paul Gilzow](https://wordpress.org/support/users/gilzow/)
 * (@gilzow)
 * [8 years, 8 months ago](https://wordpress.org/support/topic/wordpress-vulnerability-to-sql-injection/#post-9546786)
 * What theme or plugins are you using? The problem is most likely being generated
   by one of them. Your PHP stack trace should indicate which file specifically 
   the problem originated from.
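
As an added illustration of the stack-trace advice in the last reply (not part of the thread and not WordPress code): with `WP_DEBUG` enabled, `wpdb` logs a failed query as `WordPress database error … for query … made by …`, and this script attributes each such line to the plugin or theme directory nearest the query. The log lines and the plugin and theme names are constructed; it assumes the caller chain lists frames outermost first, with include paths relative to `wp-content`.

```python
import re
from collections import Counter

# Constructed sample log; plugin, theme and table names are hypothetical.
SAMPLE_LOG = """\
[01-Oct-2017 10:15:02 UTC] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1 for query SELECT * FROM wp_example_items WHERE slug = ''' made by require('wp-blog-header.php'), require_once('wp-includes/template-loader.php'), include('/themes/example-theme/index.php'), get_header, include_once('/plugins/example-gallery/lookup.php'), example_gallery_lookup
[01-Oct-2017 10:15:09 UTC] PHP Notice:  Undefined index: page in /var/www/html/wp-content/themes/example-theme/functions.php on line 12
[01-Oct-2017 10:16:40 UTC] WordPress database error Unknown column 'x' in 'where clause' for query SELECT id FROM wp_posts WHERE x = 1 made by require('wp-blog-header.php'), include('/themes/example-theme/archive.php'), example_theme_query
"""

# Error text is matched lazily up to the first " for query "; the query is
# matched greedily up to the last " made by " so SQL containing that phrase
# earlier in the line does not cut the match short.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] WordPress database error (?P<error>.*?)"
    r" for query (?P<query>.*) made by (?P<caller>.*)$"
)
# include/require frames carry a path; plain function frames do not.
COMPONENT_RE = re.compile(r"\('/(plugins|themes)/([^/']+)/")


def parse_db_errors(log_text):
    """Return one dict per wpdb error line; other log lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        event = m.groupdict()
        hits = COMPONENT_RE.findall(event["caller"])
        # Frames run outermost first, so the last hit is nearest the query.
        event["component"] = "/".join(hits[-1]) if hits else "core-or-unknown"
        events.append(event)
    return events


def suspects(log_text):
    """Count database errors per plugin/theme directory."""
    return Counter(e["component"] for e in parse_db_errors(log_text))


if __name__ == "__main__":
    for name, count in suspects(SAMPLE_LOG).most_common():
        print(f"{count:3d}  {name}")
```

A component that tops this list is the place to look for queries built without `$wpdb->prepare()`; errors attributed to `core-or-unknown` need the full PHP stack trace instead.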


The topic ‘WordPress vulnerability to sql injection’ is closed to new replies.

## Tags

 * [sql injection](https://wordpress.org/support/topic-tag/sql-injection/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 3 replies
 * 3 participants
 * Last reply from: [Paul Gilzow](https://wordpress.org/support/users/gilzow/)
 * Last activity: [8 years, 8 months ago](https://wordpress.org/support/topic/wordpress-vulnerability-to-sql-injection/#post-9546786)
 * Status: not resolved

