WordPress users advised to update to version 4.8.3 following discovery of SQL injection vulnerability
Anyone who is using the WordPress are advised to update the version to 4.8.3. This happen win there is a serious securty issue.
The problem SQL injection vulnerability affects millions of websites running WordPress 4.8.2 and older. In addition to installing the latest update, site owners are advised to update plugins that could be exploited.
The vulnerability was discovered by Anthony Ferrara from Lingo Live. And says “Before reading further, if you haven’t updated yet stop right now and update.”
The SQL injection bug was supposed fix by WordPress 4.8.2 last month. But this specific update caused problems with a large number of sites and did not show the root cause of the vulnerability. Ferrara says he informed WordPress about the issue immediately after the release of the last update, but his advice went unheeded.
WordPress 4.8.3 Update
Now with the update of the wordpress 4.8.3 security hole is stoppped.
Simply upgrade to 4.8.3 and update any plugins that override $wpdb (like HyperDB, LudicrousDB , etc). That should be enough.
Over on the WordPress website, Gary Pendergest thanks Ferrara and explains the problem.
WordPress 4.8.3 is now available. This release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.8.2 and earlier were affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue. But we have added the hardening to prevent plugins and themes from accidentally causing a vulnerability.
Reported by Anthony Ferrara.
This release includes a change in behaviour for the esc_sql() function. Most developers will not be affected by this change, you can read more details in the developer note.
Note: WordPress 4.8.2 has many lags in the security and was later reprted by many peoples