This topic has 3 replies, 2 voices, and was last updated 3 months, 1 weeks ago ago by Jack Richardson
I’ve been monitoring my website and have identified several attackers attempting SQL injections to manipulate the user lockout settings. Specifically, they are altering the database lockout time by setting it to 1970.
I’ve conducted some research and performed vulnerability scans, which revealed the issues outlined below. Please also refer to the attached screenshot for further details. As I’m still in the testing phase of my pre-production environment, these vulnerabilities are preventing me from moving to production.
any updates how to prevent sql injection please ?
Hello @ethashots,
Thank you for reaching out to us.
Regarding your inquiry about security vulnerabilities in the XSTORE CORE plugin, we have addressed and resolved these issues in the Version 9.3.9 / Core plugin 5.3.9 (Security Update) https://xstore.8theme.com/update-history/. For more details, please read our response here: [Security Update on XSTORE CORE]https://www.8theme.com/topic/urgent-vulnerability-in-xstore-is-it-solved/#post-396635.
Should you have recently updated your theme and core plugin, please allow some time for your CPanel to clear the cache of the vulnerability results. Alternatively, you may contact their support team to expedite the vulnerability check for your website’s theme/core.
Thank you for your attention to these matters. Should you have any further questions or require additional assistance, please do not hesitate to contact us.
Best Regards,
Jack Richardson
8Theme’s Team
You must be logged in to reply to this topic.Log in/Sign up