ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <=4.8.2 - potential SQL injection (SQLi), $wpdb->prepare() issue, possible unsafe queries

Product
WordPress
Description
Possible security issue found by Anthony Ferrara in WordPress (versions <=4.8.2). WordPress is not vulnerable itself, but themes or plugins could trigger the vulnerability.
Solution
Update WordPress to the latest available version (at least version 4.8.3).
Classification
Type Unknown
References
Release information
CVE
Name CVE-N/A
Versions
Affected In <=4.8.2
Fixed In 4.8.3
Disclosure date
2017-10-31
Credits
Anthony Ferrara
Submitter
ThreatPress