Security News > 2022 > January > WordPress 5.8.3 security update fixes SQL injection, XSS flaws
The WordPress development team released version 5.8.3, a short-cycle security release that addresses four vulnerabilities, three of which are rated of high importance.
The set includes an SQL injection on WP Query, a blind SQL injection via the WP Meta Query, an XSS attack via the post slugs, and an admin object injection.
Fixes cover WordPress versions down to 3.7.37.
Fixes cover WordPress versions down to 4.1.34.
There have been no reports of the above being under active exploitation in the wild, and none of these flaws is thought to have a severe potential impact on most WordPress sites.
Php, which should be "Define('WP AUTO UPDATE CORE', true );". Automated core updates were introduced in 2013 on WordPress 3.7, and according to official stats, only 0.7% of all WP sites are currently running a version older than that.