WordPress 5.8.3 security update fixes SQL injection, XSS flaws

The WordPress development team released version 5.8.3, a short-cycle security release that addresses four vulnerabilities, three of which are rated of high importance.

The set includes an SQL injection on WP_Query, a blind SQL injection via the WP_Meta_Query, an XSS attack via the post slugs, and an admin object injection.

All of the issues have prerequisites for their exploitation, and most WordPress sites that use the default automatic core updates setting aren’t in danger.

However, sites using WordPress 5.8.2 or older, with read-only filesystems that have disabled automatic core…