
WordPress issues patch to eliminate SQL injection vulnerability

WordPress has issued a new critical update, version 4.8.3, to fix a flaw that researchers and the organization said could lead to SQL injection if left unpatched.

Cyber researcher Anthony Ferrara, also vice president of engineering at Lingo Live, said the problem arose after WordPress issued the previous update, 4.8.2, on September 19. Instead of fixing the problems, that update caused issues with a great deal of the third-party code used in the open-source content management system.

“WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we've added hardening to prevent plugins and themes from accidentally causing a vulnerability,” WordPress said in a blog post.
