WordPress 4.8.3 security release is available now. Because of security release I strongly recommend to upgrade WordPress version of your website immediately.
In earlier versions of WordPress upto 4.8.2, $wpdb->prepare() was vulnerable and it’s fixed with WordPress 4.8.3 security release. Issue with $wpdb->prepare() was that it can create unsafe and unexpected queries leading to potential SQLi (SQL injection). Core files of WordPress is not directly vulnerable to the issue but plugins and themes are vulnerable and can accidently cause vulnerability.
esc_sql() and WordPress 4.8.3 security release
WordPress 4.8.3 security release includes a change in behaviour for the esc_sql() function. Most of the developers will not be affected by this change, you can still find more details here
This issue is reported by Anthony Ferrara and you can read more details here on WPDB SQL Injection with earlier version.
If you haven’t updated yet stop right now and update.
Click here to see complete details on how to upgrade WordPress version whenever there is new version released.
If you face any trouble in upgrading WordPress version, than I can help in the upgrade WordPress process. You can share it via comments or submitting a contact request
