CVE-2017-14723: Before version 4.8.2, WordPress mishandled % characters and additional ...

Severity: Critical

CVSS Score: 9.8

Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.