25 Apr

Security Tip for Developers: Avoid Using esc_sql() When Trying to Prevent SQL Injection Vulnerabilities

Two weeks ago there was discussion on our post detailing a vulnerability in the plugin Gallery – Video Gallery over the escaping method being used to fix a SQL injection vulnerability in the plugin. While the changes made look to have fixed the issue, they were less than ideal. Part of the issue was that instead of [Read more]