Impact
Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way.
Patches
This has been patched in WordPress version 5.8.3. Older affected versions, going back to 3.7.37, are also fixed via security releases. We strongly recommend that you keep auto-updates enabled.
References
https://wordpress.org/news/category/releases/
https://hackerone.com/reports/1378209
For more information
If you have any questions or comments about this advisory: