Wednesday, November 13, 2024
HomeWordpressWordPress 4.8.3 released with patch for SQL injection (SQLi) which affected all...

WordPress 4.8.3 released with patch for SQL injection (SQLi) which affected all the previous version

Published on

Malware protection

WordPress 4.8.3 released with the security patches for all previous versions. The update includes the issue with $wpdb->prepare() which leads to an SQL injection.

SQL injection is a technique which attacker takes non-validated input vulnerabilities and inject SQL commands through web applications that are executed in the backend database.To read more about SQLi.

Must Read Most Important Considerations Check to Setup Your WordPress Security

- Advertisement - SIEM as a Service

$wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) and the new release includes change in behaviour for the esc_sql() function.

WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Anthony Ferrara.Wordpress reported.

Files Revised

wp-admin/about.php
wp-includes/formatting.php
wp-includes/post.php
wp-includes/wp-db.php
wp-includes/version.php
wp-content/plugins

Must Read Penetration testing with your WordPress Website-Detailed Explanation

Mitigations

WordPress 4.8.3 released with the security patches users are recommended to update their sites immediately.

How to update – Wordpress 4.8.3

WordPress 4.8.3 contains 29 maintenance fixes to the 4.8 release series. Updates are simple Dashboard >> Updates >> Update Now.

It is always a good idea to backup your WordPress before proceeding with the update, if there are any issues, you can restore your website.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Fortinet Patches Critical Flaws That Affected Multiple Products

Fortinet, a leading cybersecurity provider, has issued patches for several critical vulnerabilities impacting multiple...

China-Nexus Actors Hijack Websites to Deliver Cobalt Strike malware

A Chinese state-sponsored threat group, identified as TAG-112, has been discovered hijacking Tibetan community...

Chrome 131 Released with the Fix for Multiple Vulnerabilities

The Chrome team has officially announced the release of Chrome 131 for Windows, Mac,...

Ivanti Warns of Critical Vulnerabilities in Connect Secure, Policy Secure & Secure Access

Ivanti, the well-known provider of IT asset and service management solutions, has issued critical...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

ClickFix Malware Infect Website Visitors Via Hacked WordPress Websites

Researchers have identified a new variant of the ClickFix fake browser update malware distributed...

Unauthenticated RCE in WordPress Plugin Exposes 100,000 WordPress Sites

A critical vulnerability has been discovered in the GiveWP plugin, a popular WordPress donation...

Hackers Actively Exploiting WordPress Plugin Arbitrary File Upload Vulnerability

Hackers have been actively exploiting a critical vulnerability in the WordPress plugin 简数采集器 (Keydatas)....