Home > Cyber News > Immediately Upgrade to WordPress 4.8.3 to Avoid SQL Attacks

Immediately Upgrade to WordPress 4.8.3 to Avoid SQL Attacks

WordPress admins, beware. Websites running on WordPress version 4.8.2 and earlier should update immediately to version 4.8.3. Security researcher Anthony Ferrara has reported an SQL injection vulnerability in the platform allowing for websites to be taken over and exploited. Even though the bug was just made public, the foundation of it was reported via Hacker-One on September 20th, 2017.

More about the WordPress SQL Flaw

The above mentioned versions of WordPress are prone to an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). Even though WP core is not directly exposed to the issue, the immediate upgrade is obligatory. WordPress has added hardening to prevent plugins and themes from accidentally causing a flaw, WordPress researchers said.

As for Anthony Ferrara’s discovery, he said it was related to a poor fix that was pushed out by WordPress in version 4.8.2. The fix broke a ton of websites that used an undocumented functionality that was removed. The fix, however, didn’t fix the root issue.

Related Story: WordPress Virus Attack Carries Dangerous EV Ransomware

The 4.8.3 patch mitigates the extent of the issues I could find, and I believe is the second best way to fix the issue (with the first being a much more complex and time consuming change that still needs to happen),” the researcher added.

As mentioned in the beginning, website admins are urged to upgrade to WordPress v4.8.3 immediately. The researcher’s advice is towards admins is to pay attention to plugins that override $wpdb (like HyperDB, LudicrousDB , etc). They should be updated as well.

To update your WordPress to the latest, safest version, just go to Dashboard and select Updates. Everything that needs updating will be listed there, plugins inclusive. Keep in mind that if you have opted to get automatic background updates, your website is already up-to-date.

Another thing to keep in mind is that hosts should upgrade should upgrade wp-db.php for clients.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree