WordPress Security Vulnerabilities fixed in version 4.7.2

A privilege escalation vulnerability affects the WordPress REST API that was recently added and enabled by default in WordPress 4.7.0.

One of these REST endpoints allows access (via the API) to view, edit, delete and create posts. Within this particular endpoint, a bug allows visitors to edit any post on the site.

WordPress collaborated with Sucuri (the company that discovered the issue) and other WAF vendors and hosting companies to add protections before the vulnerability was publicly disclosed.

Once the exploit was publicly released, the vulnerability began to be actively exploited. Many WordPress sites have been found with messages like “Hacked by NG689Skw” or “Hacked by w4l3XzY3”. Googling for information about these particular hacks returns thousands of other hacked sites in the results.

This is a serious vulnerability.

WordPress 4.7.2 was released on January 26th, 2017, and updating immediately is recommended.

Read more about the content injection security vulnerability: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
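For sites that ran 4.7.0 or 4.7.1 before updating, the following added example (not code from this post, WordPress or Sucuri) lists write requests to the posts REST route in a web server access log, so the affected posts can be checked against revisions or backups. It assumes combined log format and the standard `/wp-json/wp/v2/posts/<id>` route, including its `rest_route` query form; the log lines are constructed samples.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample access-log lines (combined format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [06/Feb/2017:10:01:02 +0000] "GET /wp-json/wp/v2/posts/12 HTTP/1.1" 200 5120 "-" "curl/7.50"
203.0.113.7 - - [06/Feb/2017:10:01:05 +0000] "POST /wp-json/wp/v2/posts/12 HTTP/1.1" 200 5240 "-" "curl/7.50"
198.51.100.4 - - [06/Feb/2017:10:02:00 +0000] "POST /index.php?rest_route=/wp/v2/posts/40 HTTP/1.1" 200 4100 "-" "python-requests/2.12"
192.0.2.9 - - [06/Feb/2017:10:03:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [06/Feb/2017:10:04:00 +0000] "DELETE /wp-json/wp/v2/posts/41 HTTP/1.1" 401 120 "-" "python-requests/2.12"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
# Posts route in both URL forms: pretty permalinks and the rest_route parameter.
POSTS_ROUTE = re.compile(r'(?:/wp-json|[?&]rest_route=)/wp/v2/posts/(\d+)')
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

def is_affected(version):
    """REST API on by default since 4.7.0, fixed in 4.7.2 (4.7.0 reports itself as '4.7')."""
    return version.strip() in {"4.7", "4.7.0", "4.7.1"}

def find_post_writes(log_text):
    """Return {post_id: [(ip, time, method, status), ...]} for writes to the posts route."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, when, method, target, status = m.groups()
        route = POSTS_ROUTE.search(unquote(target))  # rest_route may be URL-encoded
        if route and method in WRITE_METHODS:
            hits[int(route.group(1))].append((ip, when, method, int(status)))
    return dict(hits)

def successful(hits):
    """Post IDs with at least one 2xx write: review these posts first."""
    return sorted(pid for pid, reqs in hits.items() if any(200 <= r[3] < 300 for r in reqs))

if __name__ == "__main__":
    hits = find_post_writes(SAMPLE_LOG)
    for pid in sorted(hits):
        for ip, when, method, status in hits[pid]:
            print(f"post {pid}: {method} from {ip} at {when} -> {status}")
    print("review first:", successful(hits))
```

A hit is a candidate for review, not proof of tampering: legitimate authenticated API clients produce the same requests.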

We are SeventhQueen – a crazy and enthusiastic team with unique ideas that have already charmed many great customers.

©2017 SeventhQueen - Creative Premium Wordpress Themes | Website Templates
