Reply to post: Re: How the hell

WordPress fixed god-mode zero day without disclosing the problem

Anonymous Coward
Mushroom

Re: How the hell

WP still uses its own cruddy SQL preparation layer (wp-includes/wp-db.php). It's ingrained in thousands of popular themes & plugins. They can't change it without breaking 25% of the internet.

I know for a fact that there were SQLi vulns in recent WP versions, likely unrelated to the REST API and therefore still unpatched. I looked for them myself without success. All I can say is, this code is a steaming pile of crap.

The only solution is to nuke WordPress -->
