WordPress 4.8.3

website_design-creating_personal_concepts-undefined

WordPress 4.8.3

1920 1080 Pro Web Design


WordPress 4.8.3 - security update website_design-creating_personal_concepts-undefined

WordPress recently announced the release of WordPress 4.8.3 with an important security fix. It is recommended that anyone using WordPress update now.

WordPress 4.8.3 Security Report

Anthony Ferrara, VP of Engineering at Lingo Live reported on Oct 31st that a critical SQL-Injection vulnerability was fixed with the new release, WordPress 4.8.3.

He first openly tweeted about the issue on the 26th of October and was contacted by the WordPress team. And the collaboration between the two parties led to a fix for the issue.

He recommends that in addition to updating WordPress, you update all plugins and themes especially those that over-ride the $wpdb object of WordPress’ API. And in the article linked above, he gives pointers for plugin/theme authors and web hosts.

The collaboration between Ferrara and the WordPress team is reported in more detail by WPTavern’s article.

Issue with $wpdb->prepare():

WordPress.org news reports that an issue with $wpdb->prepare() could cause unsafe queries in 4.8.2 which could lead to a SQL-injection. Even though many themes/plugins take steps to prevent this, many might not and this fix with WordPress could solve the issue even in those cases for $wpdb->prepare() using plugins.

Changes to esc_sql():

WordPress also announced that this release also includes changes to the esc_sql() function, here’s the full developer note. Plugins which deeply manipulate the WordPress database like cloning, copying, migration plugins are more likely to use this function.

Possible Issues with WordPress 4.8.3:

I. Duplicator Plugin version 1.2.26: It has been reported that the Duplicator plugin has issues with WordPress 4.8.3 because of the changes to esc_sql() function.

ii. Some versions of MAMP on Mac OSX could have a problem as well.

Make sure to check the ‘tested upto’ status of the plugins/themes from WordPress.org.

Don’t forget to update or download now. Please comment your experience with the update.

Leave a Reply

    How Can We
    Help You?

    Performance and Simplicity exists side by side.

    Contact Pro Web Design and tell us about your next project and we will make sure it is successful. Let us do what we do best.

    website_design-creating_personal_concepts-undefined website_design-creating_personal_concepts-undefined
    1920 1080 Pro Web Design

    The strange creatures called “Designers” – UX Collective

    Most people find the Designer to be a rather friendly looking fellow. Usually cheerful, wearing his/her stylish poplin…

    read more
    website_design-creating_personal_concepts-undefined website_design-creating_personal_concepts-undefined
    1920 1080 Pro Web Design

    OnePlus 6 release date, news and features

    The OnePlus 6 has been announced at its international launch event in London, England.Boasting the biggest screen OnePlus…

    read more
    website_design-creating_personal_concepts-undefined website_design-creating_personal_concepts-undefined
    1920 1080 Pro Web Design

    Now you can make reservations and buy movie tickets on Instagram – TechCrunch

    Instagram is unveiling new features for businesses that want to use their profiles to message with customers and…

    read more

    Creatives – Design, Marketing, Support

    Working Hours: 08:00 – 17:00

    Email: contact[at]prowebdesign.co.za

    Phone: +27 76 260 2730

    We Love Your Feedback