WordPress Releases Security Update 4.8.3

PUBLISHED:
7 November 2017

WordPress Releases Security Update 4.8.3

WordPress is an very popular open source software used by bloggers and millions of websites. A new security update, WordPress 4.8.3 is released, which addresses a potential SQL injection vulnerability. This update was released on October 31st and is available for public download.

Vulnerabilities Addressed

WordPress 4.8.2 and all previous versions are affected by a security flaw where $wpdb→prepare() can create uncan create unexpected and unsafe queries leading to potential SQL injection. Although the core is not directly vulnerable, additional hardening has been implemented to prevent plugins and themes from accidentally causing a vulnerability.
This release also included a change in behaviour for the esc_sql() function.

TechCERT encourages all  to review this release and upgrade to the newer version to avoid any potential risks and vulnerabilities.

Recommended Action

TechCERT encourages all WordPress users to review this release and upgrade to the newer version to avoid any potential risks and vulnerabilities.

Additional Information and Sources

9 March 2023 [NO.TCSA : 20230309-1-1-P]

A Critical Code Execution Flaw Found in FortiOS and FortiProxy Administrative Interfaces

READ MORE READ MORE
20 February 2023 [NO.TCSA : 20230220-1-1-P]

Fortinet fixes critical RCE flaws in FortiNAC and FortiWeb

READ MORE READ MORE
16 January 2023 [NO.TCSA : 20230116-1-1-P]

Cacti Crisis: Severe Vulnerability Exploited in the Wild

READ MORE READ MORE
Read More BACK TO THREAT BULLETIN