CVE-2017-16510

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 4.8.3

Description The issue allows for potential SQL injection (SQLi) in plugins and themes due to the $wpdb->prepare() function creating unexpected and unsafe queries. This can be exploited using a "double prepare" approach.

Recommendations For WordPress versions prior to 4.8.3, update to version 4.8.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the $wpdb->prepare() function in plugins and themes until the update is applied.