{"id":1184112,"date":"2016-10-27T15:35:19","date_gmt":"2016-10-27T22:35:19","guid":{"rendered":"https:\/\/theeventscalendar.com\/support\/forums\/topic\/sqli-injections-with-community-events-plugin\/"},"modified":"2016-10-28T07:22:17","modified_gmt":"2016-10-28T14:22:17","slug":"sqli-injections-with-community-events-plugin","status":"closed","type":"topic","link":"https:\/\/theeventscalendar.com\/support\/forums\/topic\/sqli-injections-with-community-events-plugin\/","title":{"rendered":"SQLI Injections with community events plugin"},"content":{"rendered":"<p>We are using the Community Events plugin alongside The Events Calendar Pro for a site and have found that users have attacked our site using the field: &#8220;VENUE DETAILS: Use Saved Venue:&#8221;.<\/p>\n<p>Can the plugin makers please confirm if all input fields are properly sanitised in this plugin and all their other event plugins, and let us know how we can stop people from inserting scripts?<\/p>\n<p>&#8230;into our fields and ensure they can&#8217;t compromise the site using this attack method?<\/p>\n","protected":false},"template":"","class_list":["post-1184112","topic","type-topic","status-closed","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SQLI Injections with community events plugin -<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/theeventscalendar.com\/support\/forums\/topic\/sqli-injections-with-community-events-plugin\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SQLI Injections with community events plugin -\" \/>\n<meta property=\"og:description\" content=\"We are using the Community Events plugin alongside The Events Calendar Pro for a site and have found that users 
have attacked our site using the field: &#8220;VENUE DETAILS: Use Saved Venue:&#8221;. Can the plugin makers please confirm if all input fields are properly sanitised in this plugin and all their other event plugins, and [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/theeventscalendar.com\/support\/forums\/topic\/sqli-injections-with-community-events-plugin\/\" \/>\n<meta property=\"article:modified_time\" content=\"2016-10-28T14:22:17+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/theeventscalendar.com\/support\/forums\/topic\/sqli-injections-with-community-events-plugin\/\",\"url\":\"https:\/\/theeventscalendar.com\/support\/forums\/topic\/sqli-injections-with-community-events-plugin\/\",\"name\":\"SQLI Injections with community events plugin -\",\"isPartOf\":{\"@id\":\"https:\/\/theeventscalendar.com\/support\/#website\"},\"datePublished\":\"2016-10-27T22:35:19+00:00\",\"dateModified\":\"2016-10-28T14:22:17+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/theeventscalendar.com\/support\/forums\/topic\/sqli-injections-with-community-events-plugin\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/theeventscalendar.com\/support\/forums\/topic\/sqli-injections-with-community-events-plugin\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/theeventscalendar.com\/support\/forums\/topic\/sqli-injections-with-community-events-plugin\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/theeventscalendar.com\/support\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Topics\",\"item\":\"https:\/\/theeventscalendar.com\/support\/topics\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Calendar 
Products\",\"item\":\"https:\/\/theeventscalendar.com\/support\/forums\/forum\/events\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Community Events\",\"item\":\"https:\/\/theeventscalendar.com\/support\/forums\/forum\/events\/community-events\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"SQLI Injections with community events plugin\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/theeventscalendar.com\/support\/#website\",\"url\":\"https:\/\/theeventscalendar.com\/support\/\",\"name\":\"\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/theeventscalendar.com\/support\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SQLI Injections with community events plugin -","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/theeventscalendar.com\/support\/forums\/topic\/sqli-injections-with-community-events-plugin\/","og_locale":"en_US","og_type":"article","og_title":"SQLI Injections with community events plugin -","og_description":"We are using the Community Events plugin alongside The Events Calendar Pro for a site and have found that users have attacked our site using the field: &#8220;VENUE DETAILS: Use Saved Venue:&#8221;. 
Can the plugin makers please confirm if all input fields are properly sanitised in this plugin and all their other event plugins, and [&hellip;]","og_url":"https:\/\/theeventscalendar.com\/support\/forums\/topic\/sqli-injections-with-community-events-plugin\/","article_modified_time":"2016-10-28T14:22:17+00:00","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/theeventscalendar.com\/support\/forums\/topic\/sqli-injections-with-community-events-plugin\/","url":"https:\/\/theeventscalendar.com\/support\/forums\/topic\/sqli-injections-with-community-events-plugin\/","name":"SQLI Injections with community events plugin -","isPartOf":{"@id":"https:\/\/theeventscalendar.com\/support\/#website"},"datePublished":"2016-10-27T22:35:19+00:00","dateModified":"2016-10-28T14:22:17+00:00","breadcrumb":{"@id":"https:\/\/theeventscalendar.com\/support\/forums\/topic\/sqli-injections-with-community-events-plugin\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/theeventscalendar.com\/support\/forums\/topic\/sqli-injections-with-community-events-plugin\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/theeventscalendar.com\/support\/forums\/topic\/sqli-injections-with-community-events-plugin\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/theeventscalendar.com\/support\/"},{"@type":"ListItem","position":2,"name":"Topics","item":"https:\/\/theeventscalendar.com\/support\/topics\/"},{"@type":"ListItem","position":3,"name":"Calendar Products","item":"https:\/\/theeventscalendar.com\/support\/forums\/forum\/events\/"},{"@type":"ListItem","position":4,"name":"Community Events","item":"https:\/\/theeventscalendar.com\/support\/forums\/forum\/events\/community-events\/"},{"@type":"ListItem","position":5,"name":"SQLI Injections with community events 
plugin"}]},{"@type":"WebSite","@id":"https:\/\/theeventscalendar.com\/support\/#website","url":"https:\/\/theeventscalendar.com\/support\/","name":"","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/theeventscalendar.com\/support\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/theeventscalendar.com\/support\/wp-json\/wp\/v2\/topic\/1184112","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/theeventscalendar.com\/support\/wp-json\/wp\/v2\/topic"}],"about":[{"href":"https:\/\/theeventscalendar.com\/support\/wp-json\/wp\/v2\/types\/topic"}],"version-history":[{"count":1,"href":"https:\/\/theeventscalendar.com\/support\/wp-json\/wp\/v2\/topic\/1184112\/revisions"}],"predecessor-version":[{"id":1184385,"href":"https:\/\/theeventscalendar.com\/support\/wp-json\/wp\/v2\/topic\/1184112\/revisions\/1184385"}],"wp:attachment":[{"href":"https:\/\/theeventscalendar.com\/support\/wp-json\/wp\/v2\/media?parent=1184112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}