WordPress Releases Security Update 4.8.3

PUBLISHED:
7 November 2017

WordPress Releases Security Update 4.8.3

WordPress is an very popular open source software used by bloggers and millions of websites. A new security update, WordPress 4.8.3 is released, which addresses a potential SQL injection vulnerability. This update was released on October 31st and is available for public download.

Vulnerabilities Addressed

WordPress 4.8.2 and all previous versions are affected by a security flaw where $wpdb→prepare() can create uncan create unexpected and unsafe queries leading to potential SQL injection. Although the core is not directly vulnerable, additional hardening has been implemented to prevent plugins and themes from accidentally causing a vulnerability.
This release also included a change in behaviour for the esc_sql() function.

TechCERT encourages all  to review this release and upgrade to the newer version to avoid any potential risks and vulnerabilities.

Recommended Action

TechCERT encourages all WordPress users to review this release and upgrade to the newer version to avoid any potential risks and vulnerabilities.

Additional Information and Sources

16 April 2024 [NO.TCSA : 20240416-1-1-P]

Critical Command Injection Vulnerability Found in Palo Alto Networks GlobalProtect

READ MORE READ MORE
9 February 2024 [NO.TCSA : 20240209-1-1-P]

Critical Remote Code Execution Vulnerability Found in FortiOS SSL VPN

READ MORE READ MORE
13 July 2023 [NO.TCSA : 20230713-1-1-P]

Fortinet Patches Critical Remote Code Execution Vulnerability in FortiOS/FortiProxy

READ MORE READ MORE
Read More BACK TO THREAT BULLETIN