Blog | G5 Cyber Security

Disclosure: WordPress WPDB SQL Injection – Background

The WordPress team released a fix in 4.8.2 that broke a lot of sites. It was shown that the fix didn't actually fix the root issue (but just a narrow subset of the potential exploits). So I decided the only way to make the team realize the full extent was to Full Disclosure the issue. The 4.8.3 patch mitigates the extent of the issues I could find, and is the second best way to fix the issue (with the first being a much more complex and time-consuming change that still needs to happen).

Source: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-background.html
