The Hack Post

WordPress < 4.8.3 Vulnerable To SQL Injection (SQLI) Exploit

by Haider Ali Khan
November 1, 2017

A security researcher named Anthony Ferrara has found a critical SQL injection (SQLi) vulnerability in the WordPress CMS. According to the WordPress team, the vulnerability exists in all previous versions of the CMS; it has been patched in WordPress 4.8.3, which was released yesterday. WordPress has therefore strongly encouraged all users of the CMS to upgrade to the latest version as soon as possible.

WordPress reported that the issue comes from $wpdb->prepare(), which can create unexpected and unsafe queries leading to SQL injection. The WordPress team has said that the vulnerability is not in the core script itself but can be introduced by plugins and themes that use $wpdb->prepare(). WordPress has made changes to the esc_sql() function to prevent injected queries; however, the changes won't have any effect on WordPress developers.
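As an added illustration (not code from the article, from Anthony Ferrara's write-up or from WordPress core), the plugin-side misuse of $wpdb->prepare() that the advisory refers to, shown next to the safe form; the tickets table and the use of get_current_user_id() are assumptions made for the example.

```php
<?php
// Added illustration, not from the article or from WordPress core.
// Assumes the global $wpdb object and a hypothetical {prefix}tickets table.

// UNSAFE: user-controlled data is concatenated into the query string that
// prepare() then treats as a format template. prepare() runs that template
// through vsprintf(), so a %-sequence inside $raw_status is interpreted as a
// placeholder instead of literal text, and the query the database sees is
// no longer the one the developer wrote. esc_sql() only escapes quotes, so
// it does not prevent this.
function get_tickets_unsafe( $raw_status ) {
    global $wpdb;
    $sql = "SELECT id FROM {$wpdb->prefix}tickets WHERE status = '"
         . esc_sql( $raw_status )
         . "' AND owner = %d";
    return $wpdb->get_col( $wpdb->prepare( $sql, get_current_user_id() ) );
}

// SAFE: every dynamic value, including the status, is bound through a
// placeholder. The query text is a constant string written by the developer;
// user data only ever appears in the argument list, where prepare() escapes
// and quotes it before substitution.
function get_tickets_safe( $raw_status ) {
    global $wpdb;
    return $wpdb->get_col(
        $wpdb->prepare(
            "SELECT id FROM {$wpdb->prefix}tickets WHERE status = %s AND owner = %d",
            $raw_status,
            get_current_user_id()
        )
    );
}

// Review checklist for plugin and theme code that calls $wpdb->prepare():
//  - the first argument must be a literal query written by the developer;
//  - user input never goes into that first argument, escaped or not;
//  - a string already built with prepare() or esc_sql() is never passed
//    back into prepare() a second time;
//  - %s, %d and %f placeholders are used for every dynamic value.
```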

Anthony Ferrara, who found the vulnerability, shared on his blog the story of how he got the WordPress team to pay attention to the bug he reported. WordPress had initially ignored the report, not considering it a vulnerability. After Anthony Ferrara asked for permission to disclose the vulnerability publicly, the WordPress team decided to take another look at the report, and the issue was then found to be a serious flaw.

The vulnerability was originally found on 19 September 2017 and reported to WordPress on 20 September 2017. On 27 October 2017, Anthony Ferrara shared a tweet on Facebook announcing that he would soon be disclosing the SQL injection vulnerability in WordPress.

IMPORTANT: I will be disclosing a massive WP SQLi vulnerability soon. I have no confidence WP will fix correctly and hence no choice but FD

— Anthony Ferrara (@ircmaxell) October 26, 2017

That being said, on 31 October 2017 Anthony Ferrara published an article on his blog explaining how the vulnerability works, what code causes the CMS to break, and how to fix the buggy code step by step. WordPress also thanked Anthony Ferrara for reporting the vulnerability and for practising responsible disclosure.

Back in February, WordPress was vulnerable to a REST API exploit which led to thousands of websites being hacked and defaced. As the new SQL injection vulnerability has only just been disclosed to the public, we hope it won't lead to the same outcome as the REST API vulnerability did.

Tags: SQL Injection, WordPress

Haider Ali Khan

Founder, content creator and writer of The Hack Post. I am an independent cyber security researcher and ethical hacker. I am passionate and committed to educating the world to spread information and expose the threats that exist online. I have a vast span of knowledge and experience in the field of hacking and I’m here to share it all with everyone else.
