WordPress Releases Security Update 4.8.3

PUBLISHED:
7 November 2017

WordPress is a very popular open source software used by bloggers and millions of websites. A new security update, WordPress 4.8.3, has been released, which addresses a potential SQL injection vulnerability. This update was released on October 31st and is available for public download.

Vulnerabilities Addressed

WordPress 4.8.2 and all previous versions are affected by a security flaw where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection. Although the core is not directly vulnerable, additional hardening has been implemented to prevent plugins and themes from accidentally causing a vulnerability.
This release also included a change in behaviour for the esc_sql() function.

Recommended Action

TechCERT encourages all WordPress users to review this release and upgrade to the newer version to avoid any potential risks and vulnerabilities.

Additional Information and Sources
