SQL injection is a technique in which an attacker exploits non-validated input to inject SQL commands through a web application, which are then executed by the backend database.
$wpdb->prepare() can create unexpected and unsafe queries, leading to potential SQL injection (SQLi), and the new release includes a change in behaviour for the esc_sql() function.
"WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Anthony Ferrara," WordPress reported.
wp-admin/about.php, wp-includes/formatting.php, wp-includes/post.php, wp-includes/wp-db.php, wp-includes/version.php, wp-content/plugins
WordPress 4.8.3 has been released with the security patches, and users are recommended to update their sites immediately.
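Since the hardening is aimed at plugin and theme code, here is an added example (not from the original article or from WordPress) of a small Python audit that flags $wpdb->prepare() calls whose query template embeds a PHP variable, such as the output of an earlier prepare() call, instead of binding it through a placeholder. That this is the pattern to review is an assumption of the example, as are the regex heuristic, the function names and the constructed PHP sample.

```python
import re

VAR = re.compile(r"\$(?!wpdb\b)[A-Za-z_]\w*")      # any PHP variable except $wpdb
SINGLE_QUOTED = re.compile(r"'(?:\\.|[^'\\])*'")   # PHP does not interpolate these

def first_argument(src, start):
    """Return the text of the first call argument, starting just after '('."""
    depth, quote, i = 0, None, start
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == "\\":
                i += 1                    # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch in "([":
            depth += 1
        elif ch in ")]":
            if depth == 0:
                break                     # end of the prepare() call
            depth -= 1
        elif ch == "," and depth == 0:
            break                         # end of the first argument
        i += 1
    return src[start:i]

def audit_prepare_calls(php_source):
    """List (line, variables) for prepare() templates that embed variables."""
    findings = []
    for m in re.finditer(r"->\s*prepare\s*\(", php_source):
        template = first_argument(php_source, m.end())
        names = VAR.findall(SINGLE_QUOTED.sub("", template))
        if names:
            line = php_source.count("\n", 0, m.start()) + 1
            findings.append((line, sorted(set(names))))
    return findings

# Constructed sample plugin code (not taken from any real plugin).
SAMPLE = r'''<?php
$ok = $wpdb->prepare( "SELECT * FROM {$wpdb->posts} WHERE ID = %d", $id );
$where = $wpdb->prepare( "WHERE post_name = %s", $name );
$rows = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM t $where LIMIT %d", $n ) );
$n = $wpdb->get_var( $wpdb->prepare( 'SELECT COUNT(*) FROM t WHERE ' . $col . ' = %s', $v ) );
'''

if __name__ == "__main__":
    for line, names in audit_prepare_calls(SAMPLE):
        print(f"line {line}: prepare() template embeds {', '.join(names)}")
```

A hit is a prompt for manual review, not proof of a vulnerability: the heuristic cannot tell whether the embedded variable ever carries user input.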
How to update – WordPress 4.8.3
WordPress 4.8.3 contains 29 maintenance fixes to the 4.8 release series. Updating is simple: Dashboard >> Updates >> Update Now.
It is always a good idea to back up your WordPress site before proceeding with the update; if there are any issues, you can restore your website.