Let's recap: WP shipped 4.8.2 last week. It included a "fix" for an SQLi. Except it fixed the wrong part of the code.
As a result, they broke 1.2+ million lines of plugin code that were otherwise secure. They also introduced a new potential SQLi in pkugins
They are ignoring the new potential SQLi, and refuse to engage on the proper way to fix the original issue. Vulnerability report was closed