WordPress released version 4.8.3 today, which includes a critical security patch. WordPress is advising that all versions 4.8.2 and earlier are vulnerable to SQL injection attack, and that all sites using WordPress should be updated immediately. The vulnerability in question is related to the $wpdb object where $wpdb->prepare() can create queries that allow attackers to inject malicious code into the MySQL database that powers the site. WordPress is reporting that the vulnerability does not impact core application files, but may impact plugins and themes that use WPDB. The security team has added hardening to prevent these add-ons from inadvertently creating the vulnerability.
We are recommending that all WordPress sites be updated immediately. If you have enabled automatic updates, these should complete within the next 24 hours. Additionally, all plugins and themes associated with your WordPress sites should be updated to their latest vendor provided versions. This will help to ensure your site is not compromised.
It is also recommended that you utilize a malware and vulnerability scanner, such as those provided with SiteLock INFINITY to prevent infections on your site.