
Disclosure: WordPress WPDB SQL Injection - laken
https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-background.html
======
laken
This author discovered a pretty huge WP vuln which he had difficulty getting
WP to actually fix. Wordpress finally pushed a security update today, but not
until he had to threaten FD.

Wordpress Blog Post:
[https://wordpress.org/news/2017/10/wordpress-4-8-3-security-...](https://wordpress.org/news/2017/10/wordpress-4-8-3-security-
release/)

------
stephenr
It's 2017 and Wordpress developers still don't think their bullshit userland
"prepared statements" are a security issue.

