Saturday, December 2, 2023

WordPress 4.8.3 released with patch for SQL injection (SQLi) which affected all the previous version

By Guru baran

WordPress 4.8.3 released with the security patches for all previous versions. The update includes the issue with $wpdb->prepare() which leads to an SQL injection.

SQL injection is a technique which attacker takes non-validated input vulnerabilities and inject SQL commands through web applications that are executed in the backend database.To read more about SQLi.

Must Read Most Important Considerations Check to Setup Your WordPress Security

$wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) and the new release includes change in behaviour for the esc_sql() function.

WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Anthony Ferrara.Wordpress reported.

Files Revised

wp-admin/about.php
wp-includes/formatting.php
wp-includes/post.php
wp-includes/wp-db.php
wp-includes/version.php
wp-content/plugins

Must Read Penetration testing with your WordPress Website-Detailed Explanation

Mitigations

WordPress 4.8.3 released with the security patches users are recommended to update their sites immediately.

How to update – Wordpress 4.8.3

WordPress 4.8.3 contains 29 maintenance fixes to the 4.8 release series. Updates are simple Dashboard >> Updates >> Update Now.

It is always a good idea to backup your WordPress before proceeding with the update, if there are any issues, you can restore your website.

Managed WAF Protection

Website

Latest articles

Chrome

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...
CVE/vulnerability

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...
Cyber Security News

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...
Cyber Security News

Hotel’s Booking.com Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...
CVE/vulnerability

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...
cyber security

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...
cryptocurrency

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...
Guru baran
Guru baranhttps://gbhackers.com

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Register Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

[email protected]