EPSS Percentile: 72.8%
WordPress is susceptible to SQL injection attacks. The attacks are possible because the library does not check the additional values supplied for placeholders in wpdb->prepare and does not escape percent (%) characters.
core.trac.wordpress.org/changeset/41470
core.trac.wordpress.org/changeset/41496
medium.com/websec/wordpress-sqli-bbb2afcc8e94
medium.com/websec/wordpress-sqli-poc-f1827c20bf8e
wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/