WordPress User to the Rescue – Version 4.8.3


On October 31, 2017, WordPress.org released version 4.8.3 (which is available for direct download here). This is a security release for all previous versions, and we strongly encourage you to update all WordPress-based websites as soon as possible. If you have automatic background updates enabled from your WordPress dashboard, the update should already have been applied, or will be very shortly. If you do not have automatic updates enabled (which we of course recommend enabling), you can update to the new version manually from Dashboard → Updates.
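To confirm that every site on a server actually received the update, the following added example (not part of the original post and not WordPress code) reads the `$wp_version` line from each install's `wp-includes/version.php` and flags anything older than 4.8.3. The function names are hypothetical, and the two sample installs it builds when run without arguments are constructed.

```shell
# Added example: flag WordPress installs older than the 4.8.3 security release.
FIXED_VERSION="4.8.3"

# Print $wp_version from <dir>/wp-includes/version.php, which holds a line
# such as: $wp_version = '4.8.2';   (prints nothing if the line is absent)
wp_installed_version() {
    vfile="$1/wp-includes/version.php"
    [ -r "$vfile" ] || return 1
    awk -F"['\"]" '/^[[:space:]]*\$wp_version[[:space:]]*=/ { print $2; exit }' "$vfile"
}

# Succeed (exit 0) when dotted version $1 is numerically lower than $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# Print "<dir> <version> <status>"; return 0 = OK, 1 = needs update, 2 = unknown.
audit_wp_install() {
    ver=$(wp_installed_version "$1") || ver=""
    if [ -z "$ver" ]; then
        echo "$1 unknown NOT-WORDPRESS"; return 2
    fi
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "$1 $ver NEEDS-UPDATE"; return 1
    fi
    echo "$1 $ver OK"
}

# Build a constructed install tree for demonstration: <dir> <version>.
make_sample_install() {
    mkdir -p "$1/wp-includes"
    printf "<?php\n\$wp_version = '%s';\n" "$2" > "$1/wp-includes/version.php"
}

# With arguments: audit those paths. Without: audit two constructed samples.
if [ "$#" -eq 0 ]; then
    tmp=$(mktemp -d)
    make_sample_install "$tmp/old" "4.8.2"; make_sample_install "$tmp/new" "4.8.3"
    set -- "$tmp/old" "$tmp/new"
fi
for dir in "$@"; do audit_wp_install "$dir" || true; done
```

Pass the document roots you manage as arguments; any line ending in `NEEDS-UPDATE` is a site that has not yet received the release.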

All previous WordPress versions are affected by an issue in $wpdb->prepare(), the function that prepares a SQL query for safe execution using sprintf()-like syntax: it can create unsafe queries, leading to potential SQL injection, which is very bad news for your website and/or your server. The WordPress core itself is not directly vulnerable to this issue, but the WordPress Development Team is reported to have added hardening as a precaution, to prevent plugins and themes from accidentally causing a vulnerability.

An awesome distinction here is that this specific security issue was discovered and then properly reported by an alert (and awesome!) community member. If you ever discover what you believe to be a significant security vulnerability in the WordPress core, whether your experience level is beginner or advanced, please be just as awesome yourself and disclose it responsibly!

While this version changes the behavior of the esc_sql() function, most developers shouldn't be affected by it. If you are concerned or would like further details, please see the new version's developer note.
