Reply To: Escaped terms = MYSQL Query Errors + Security issues

Home Forums Product Support Forums Ajax Search Pro for WordPress Support Escaped terms = MYSQL Query Errors + Security issues Reply To: Escaped terms = MYSQL Query Errors + Security issues

#4883

will
Participant

Thanks for the speedy response.

We are using WordPress version 4.2.2. Yes, just entered <script>alert('hello');</script> with single quotes surrounding the ‘hello’, via the normal form, not via web inspector. Using Chrome browser Version 43.0.2357.65 (64-bit).

Are there any search settings you would like to know to ensure the tests are the same?

After refreshing the page, due to the ’s’ query parameter in the url containing the search <script>alert(%27hello%27);</script>, the DOM tree errors remain. We also get the same results in Safari.

The server wp is running on is an amazon EC2 instance with Ubuntu 14.04.2 and mysql version 5.6.19-0ubuntu0.14.04.1.

Thanks Will