WordPress 4.8.3 security release is now available. This security release was issued by WordPress yesterday and is for all the previous versions. WordPress suggests strongly that you have this update applied to your WordPress website without delay and so do we.
WordPress versions 4.8.2 and earlier are affected by a security issue where $wpdb>prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but the core development team has added hardening to prevent plugins and themes from accidentally causing a vulnerability. The issue was reported by Anthony Ferrara.
WordPress 4.8.3 security release also includes a change in behavior for the esc_sql() function. However, most developers will not be affected by this change. To know more about this change, click here.
We, as WordPressers, owe it to the reporters of these issues for practicing responsible disclosure. The previous version of WordPress, WordPress 4.8.2 was released on 19th September 2017.
You can download WordPress 4.8.3 here or venture over to your WordPress Dashboard > Update and simply click on the Update Now button. Sites that support automatic background updates are already beginning to update to WordPress 4.8.3.