A new WordPress version was just release. This new version addresses a security problem with the $wpdb->prepare() function.
From the release notes:
WordPress versions 4.8.2 and earlier are affected by an issue where
$wpdb->prepare()can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Anthony Ferrara.
As the above notes says the vulnerability might affect thousands of plugins or themes and Anthony has more technical information on his blog here.
WPScans.com has been updated to check for this vulnerability.