
====================================================================

                              CERT-Renater

                 Information Note No. 2017/VULN315
_____________________________________________________________________

DATE                : 02/11/2017

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running WordPress versions prior to 4.8.3.

=====================================================================
https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
____________________________________________________________________

WordPress 4.8.3 Security Release

Posted October 31, 2017 by Gary Pendergast. Filed under Releases, Security.

WordPress 4.8.3 is now available. This is a security release for all
previous versions and we strongly encourage you to update your sites
immediately.

WordPress versions 4.8.2 and earlier are affected by an issue where
$wpdb->prepare() can create unexpected and unsafe queries leading to
potential SQL injection (SQLi). WordPress core is not directly
vulnerable to this issue, but we’ve added hardening to prevent plugins
and themes from accidentally causing a vulnerability. Reported by
Anthony Ferrara.

This release includes a change in behaviour for the esc_sql() function.
Most developers will not be affected by this change; you can read more
details in the developer note.

Thank you to the reporter of this issue for practicing responsible
disclosure.

Download WordPress 4.8.3 or venture over to Dashboard → Updates and
simply click “Update Now.” Sites that support automatic background
updates are already beginning to update to WordPress 4.8.3.


==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================



