WordPress 4.8.3 released with the security patches for all previous versions. The update includes the issue with $wpdb->prepare() which leads to an SQL injection.
SQL injection is a technique which attacker takes non-validated input vulnerabilities and inject SQL commands through web applications that are executed in the backend database.To read more about SQLi.
Must Read Most Important Considerations Check to Setup Your WordPress Security
$wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) and the new release includes change in behaviour for the esc_sql() function.
WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Anthony Ferrara.Wordpress reported.
Files Revised
wp-admin/about.php wp-includes/formatting.php wp-includes/post.php wp-includes/wp-db.php wp-includes/version.php wp-content/plugins
Must Read Penetration testing with your WordPress Website-Detailed Explanation
Mitigations
WordPress 4.8.3 released with the security patches users are recommended to update their sites immediately.
How to update – Wordpress 4.8.3
WordPress 4.8.3 contains 29 maintenance fixes to the 4.8 release series. Updates are simple Dashboard >> Updates >> Update Now.
It is always a good idea to backup your WordPress before proceeding with the update, if there are any issues, you can restore your website.
