WordPress SQL Injection Vulnerability in $wpdb->prepare() Function
CVE-2017-14723 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.
Learn more about our Wordpress Pen Testing.