WordPress 4.8.3 has just been released and if you haven’t upgraded your WordPress website yet, then you should do so as soon as possible.

Version 4.8.3 is an important security update that fixes a serious programming flaw that could expose WordPress-powered websites to attack and hijacking through injected malicious SQL database commands.

The bug, CVE-2017-14723, was discovered and reported by security researcher Anthony Ferrara in September. The WordPress core is not affected; the vulnerability lies in WPDB, a set of functions used to talk to the WordPress database, and its ability to include sprintf tokens.

The vulnerable functionality was first found in version 4.8.1. WordPress version 4.8.2, which included fixes for many bugs, was supposed to address this flaw. However, according to Ferrara, version 4.8.2 only dealt with “a narrow subset of the potential exploits” and didn’t actually fix the root issue.

In version 4.8.2 and earlier, the buggy code, $wpdb->prepare(), can create unexpected and unsafe queries and potentially allow malicious SQL injection. The newly-released WordPress 4.8.3 security update addresses this flaw by changing the behavior of the esc_sql() function and hardening it to protect it from attacks via plugins and themes.

How to Update to WordPress 4.8.3

If you are a client of Ezone, you needn’t do anything as we have already upgraded you to WordPress version 4.8.3. You can log in to your website as you normally do and be assured that your website is protected from this security threat.

If you wish to upgrade to WordPress 4.8.3 yourself, follow these steps:

    1. Check first what version of WordPress your site is using. Go to the Dashboard and look in the ‘At a Glance’ panel.
    2. Download the latest version, WordPress 4.8.3, from the WordPress website, or go to Updates in the Dashboard and choose “Update now.”
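
For step 1 on a host with shell access, the installed version can also be read from wp-includes/version.php, which is useful when several sites need checking at once. The script below is an added example, not part of the original article: the function names and the two sample installs are made up for illustration, and it treats 4.8.3 as the minimum safe version, as the article does.

```sh
#!/bin/sh
# Added example (not from the article): flag installs older than the fixed release.
FIXED_VERSION="4.8.3"   # release the article names as containing the fix

# Print the value assigned to $wp_version in a wp-includes/version.php file.
wp_version_from_file() {
    awk -F"'" '/^\$wp_version[ \t]*=/ { print $2; exit }' "$1"
}

# Succeed (exit 0) when dotted version $1 is strictly lower than $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# Report one install: returns 0 if patched, 1 if it needs the update, 2 if unknown.
check_wp_install() {
    vfile="$1/wp-includes/version.php"
    [ -r "$vfile" ] || { echo "$1 unknown UNREADABLE"; return 2; }
    ver=$(wp_version_from_file "$vfile")
    [ -n "$ver" ] || { echo "$1 unknown UNPARSED"; return 2; }
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "$1 $ver UPDATE-NEEDED"; return 1
    fi
    echo "$1 $ver OK"
}

# Constructed sample data: two fake installs in a temp dir, one old, one patched.
demo_root=$(mktemp -d)
for v in 4.8.2 4.8.3; do
    mkdir -p "$demo_root/site-$v/wp-includes"
    printf "<?php\n\$wp_version = '%s';\n" "$v" > "$demo_root/site-$v/wp-includes/version.php"
done
for site in "$demo_root"/site-*; do
    check_wp_install "$site" || true
done
```

To use it on a real host, call check_wp_install with each WordPress root directory instead of the constructed samples.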