If your websites use WordPress, put down that coffee and upgrade to 4.8.3. Thank us later


Updated: WordPress has a security patch out for a programming blunder that you should apply ASAP.

The fix addresses a flaw that can potentially be exploited by hackers to hijack and take over WordPress-powered websites by injecting malicious SQL database commands.

The core installation of WordPress is not directly affected, we’re told; rather, the bug is in a security function provided by the core to plugins and themes. In other words, a bug in the core leaves plugins and themes potentially at risk of being hacked, leading to whole sites being commandeered by miscreants.

Also, crafting a patch to address the blunder without breaking tons of add-ons for WordPress turned out to be problematic, delaying the release of

“WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi),” the official advisory today warned. “WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability.”

Source: The Register