Two lines of defense that opened the door to SQL injection
Both lines were written for security. One added protection, the other removed it. How $wpdb->prepare() and stripslashes() combined into a critical SQL injection.
2 posts tagged with SQLi.
One character in a URL parameter exposed full database credentials and turned into a $2,000 double critical finding. Here's what happened.