Friday, November 1, 2024
HomeWordpressWordPress 4.8.3 released with patch for SQL injection (SQLi) which affected all...

WordPress 4.8.3 released with patch for SQL injection (SQLi) which affected all the previous version

Published on

Malware protection

WordPress 4.8.3 released with the security patches for all previous versions. The update includes the issue with $wpdb->prepare() which leads to an SQL injection.

SQL injection is a technique which attacker takes non-validated input vulnerabilities and inject SQL commands through web applications that are executed in the backend database.To read more about SQLi.

Must Read Most Important Considerations Check to Setup Your WordPress Security

- Advertisement - SIEM as a Service

$wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) and the new release includes change in behaviour for the esc_sql() function.

WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Anthony Ferrara.Wordpress reported.

Files Revised

wp-admin/about.php
wp-includes/formatting.php
wp-includes/post.php
wp-includes/wp-db.php
wp-includes/version.php
wp-content/plugins

Must Read Penetration testing with your WordPress Website-Detailed Explanation

Mitigations

WordPress 4.8.3 released with the security patches users are recommended to update their sites immediately.

How to update – Wordpress 4.8.3

WordPress 4.8.3 contains 29 maintenance fixes to the 4.8 release series. Updates are simple Dashboard >> Updates >> Update Now.

It is always a good idea to backup your WordPress before proceeding with the update, if there are any issues, you can restore your website.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

ClickFix Malware Infect Website Visitors Via Hacked WordPress Websites

Researchers have identified a new variant of the ClickFix fake browser update malware distributed...

Unauthenticated RCE in WordPress Plugin Exposes 100,000 WordPress Sites

A critical vulnerability has been discovered in the GiveWP plugin, a popular WordPress donation...

Hackers Actively Exploiting WordPress Plugin Arbitrary File Upload Vulnerability

Hackers have been actively exploiting a critical vulnerability in the WordPress plugin 简数采集器 (Keydatas)....