On Thu, Nov 02, 2017 at 06:40:04AM +1100, Craig Small wrote:
> Source: wordpress
> Version: 4.8.2+dfsg-2
> Severity: grave
> Tags: upstream security
> Justification: user security hole
>
> WordPress versions 4.8.2 and earlier are affected by an issue where
> $wpdb->prepare() can create unexpected and unsafe queries leading to
> potential SQL injection (SQLi). WordPress core is not directly vulnerable
> to this issue, but we’ve added hardening to prevent plugins and themes from
> accidentally causing a vulnerability.

Hi Craig,

I noticed that this is still affected on stable; do you have an update on that? (Then again, perhaps it is not as serious as all that as it's "only" hardening against already-vulnerable plugins.)

Cheers,
Dominic.