I was doing a vulnerability scan of my ClassicPress website using Skipfish. Skipfish found a SQL injection vector vulnerability and the URL looks like this:
This is the post that triggered the vulnerability.
Should I treat the vulnerability as a false positive? Can I throw a 404 error if one of the queries is used? I have developed my custom theme for my ClassicPress website if that helps.
The reason why I’m asking is I was doing some penetration testing in order to make sure my website remains secure from vulnerabilities.