WordPress SQL Injection Vulnerability in $wpdb->prepare() Function

CVE-2017-14723 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.

Learn more about our Wordpress Pen Testing.