WordPress (Pre 4.8.3) SQL Injection Vulnerability
CVE-2017-16510 Detail
WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a “double prepare” approach, a different vulnerability than CVE-2017-14723.
Resolution :
Updates are available. Please see the references or vendor advisory for more information.
To download WordPress 4.8.3, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.