Support Forum
Hi,
For awhile now my website security plugin, iThemes Security Pro, has been reporting a serious security flaw in Simple Press.
- Simple Press - SQL Injection
Is this something you are planning to fix soon?
Or is iThemes wrong to report this?
I'm a fan of Simple:Press and very much do NOT want to replace it with a different Forum option.
I am also concerned about leaving my site open to malicious hackers.
Can you offer any guidance?
Hi:
We're not aware of vulnerability. Usually, if a security researcher finds an issue they would report it privately to the software developer to give them a chance to fix the issue before going public with it. So far we have not received any reports from iThemes. Are you running version 6.5.1 of SP? If you are then maybe they're reporting a false issue.
Thanks.
Hi:
If you're running a version earlier than 6.3 you should upgrade. I believe there was at least one security related fix in the 6.0 line. Support and fixes ended for the 5.x line in 2019.
Please make sure you read the upgrade documentation if you are moving from V5 to V6.: https://simple-press.com/docum.....rsion-6-x/.
Thanks.
PS: End of life and deprecation polices and notices can be found here if it's the kind of thing that you're interested in: https://simple-press.com/depre.....-policies/
All input fields are considered as the most common entry points for WordPress SQL Injection attacks. In Layman’s term, we can say:
Sign up forms
Login forms
Contact forms
Site searches
Feedback fields
Shopping carts
1 Guest(s)