Immediately Upgrade to WordPress 4.8.3 to Avoid SQL Attacks

WordPress admins, beware. Websites running WordPress version 4.8.2 and earlier should update immediately to version 4.8.3. Security researcher Anthony Ferrara has reported an SQL injection vulnerability in the platform that allows websites to be taken over and exploited. Although the bug was only just made public, the underlying issue was reported via HackerOne on September 20th, 2017.

More about the WordPress SQL Flaw

The above-mentioned versions of WordPress are prone to an issue where $wpdb->prepare() can create unexpected and unsafe queries, leading to potential SQL injection (SQLi). Even though WP core is not directly exposed to the issue, an immediate upgrade is still necessary: WordPress has added hardening to prevent plugins and themes from accidentally causing a flaw, WordPress researchers said.
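The hardening is aimed at how plugin and theme code calls $wpdb->prepare(). The following is an added example, not code from the article or from WordPress core: the same post lookup written first in the unsafe style (untrusted data spliced into the query text before prepare() sees it) and then with placeholders, plus a LIKE search that needs an extra escaping step. It assumes WordPress is loaded so the global $wpdb exists; the function names are hypothetical.

```php
<?php
// Added example (not from the article or WordPress core). Assumes WordPress
// is loaded so that the global $wpdb object exists. Function names are hypothetical.

function example_lookup_unsafe( $slug ) {
    global $wpdb;
    // Unsafe: untrusted data is spliced into the query text before prepare()
    // ever sees it, so there is no placeholder to bind. Quotes or %-sequences
    // inside $slug become part of the SQL, and prepare() is reduced to a
    // formatting pass over text the caller does not control.
    $sql = "SELECT ID FROM {$wpdb->posts} WHERE post_name = '" . $slug . "' LIMIT 1";
    return $wpdb->get_var( $wpdb->prepare( $sql ) );
}

function example_lookup_safe( $slug ) {
    global $wpdb;
    // Safe: the query text is a fixed string written by the developer, and
    // every value arrives through a placeholder (%s string, %d integer, %f float),
    // so prepare() quotes and escapes it. The table name comes from $wpdb itself.
    $sql = $wpdb->prepare(
        "SELECT ID FROM {$wpdb->posts} WHERE post_name = %s LIMIT 1",
        $slug
    );
    return $wpdb->get_var( $sql );
}

function example_search_titles_safe( $term, $limit = 10 ) {
    global $wpdb;
    // LIKE patterns need two steps: esc_like() neutralises % and _ inside the
    // user's term, and the finished pattern is still passed through %s so it
    // never becomes part of the query text.
    $pattern = '%' . $wpdb->esc_like( $term ) . '%';
    $sql = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_type = 'post' AND post_status = 'publish' AND post_title LIKE %s
         ORDER BY post_date DESC LIMIT %d",
        $pattern,
        (int) $limit
    );
    return $wpdb->get_results( $sql );
}
```

The rule of thumb when auditing a plugin is that the first argument to $wpdb->prepare() must be a string literal with placeholders and the values must follow as separate arguments; a literal percent sign in that query text has to be written as %%. Code that builds the query with string concatenation or interpolation and only then hands it to prepare() is the pattern to replace.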

As for Anthony Ferrara’s discovery, he said it was related to a poor fix that WordPress pushed out in version 4.8.2. That fix broke a large number of websites that relied on undocumented functionality it removed, yet it did not address the root issue.

“The 4.8.3 patch mitigates the extent of the issues I could find, and I believe is the second best way to fix the issue (with the first being a much more complex and time consuming change that still needs to happen),” the researcher added.

As mentioned in the beginning, website admins are urged to upgrade to WordPress v4.8.3 immediately. The researcher also advises admins to pay attention to plugins that override $wpdb (such as HyperDB, LudicrousDB, etc.); they should be updated as well.

To update your WordPress to the latest, safest version, go to Dashboard and select Updates. Everything that needs updating will be listed there, plugins included. Keep in mind that if you have opted in to automatic background updates, your website is already up to date.

Another thing to keep in mind is that hosts should upgrade wp-db.php for their clients.
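A host that manages many installs needs a way to find the ones still below 4.8.3 before touching wp-db.php. The following audit script is an added example, not from the article or from WordPress: it walks a directory of sites and reads the version each install declares. It assumes every site lives in its own directory under a common root with the stock layout, so that wp-includes/version.php contains the $wp_version assignment; the root path and function names are hypothetical.

```php
<?php
// Added example (not from the article or WordPress). Assumes one WordPress
// install per subdirectory of $root, each with the stock wp-includes/version.php.

function wp_install_version( $site_dir ) {
    $file = rtrim( $site_dir, '/' ) . '/wp-includes/version.php';
    if ( ! is_readable( $file ) ) {
        return null;
    }
    // Parse the assignment textually rather than include()-ing code from a
    // client site into the host's audit process.
    if ( preg_match( '/\$wp_version\s*=\s*([\'"])([^\'"]+)\1/', file_get_contents( $file ), $m ) ) {
        return $m[2];
    }
    return null;
}

function outdated_installs( $root, $min_version = '4.8.3' ) {
    $outdated = array();
    $dirs = glob( rtrim( $root, '/' ) . '/*', GLOB_ONLYDIR ) ?: array();
    foreach ( $dirs as $site_dir ) {
        $version = wp_install_version( $site_dir );
        if ( $version === null ) {
            continue; // not a WordPress install, or not readable by this user
        }
        if ( version_compare( $version, $min_version, '<' ) ) {
            $outdated[ $site_dir ] = $version;
        }
    }
    return $outdated;
}

// Hypothetical default root; pass the real one as the first argument.
$root = $argv[1] ?? '/var/www';
foreach ( outdated_installs( $root ) as $dir => $version ) {
    printf( "%s is on %s, upgrade to 4.8.3 or later\n", $dir, $version );
}
```

Run it as `php audit.php /path/to/sites`. Because version_compare() understands dotted versions, the same script can be reused for later minimum versions by changing the second argument to outdated_installs().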

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys ‘Mr. Robot’ and fears ‘1984’.
