Skip to main content
Image for post: Content injection vulnerability affects the Wordpress REST API

Content injection vulnerability affects the Wordpress REST API

Another Wordpress bug has been discovered

A vulnerability that can affect 1.8 milions of websites has been discovered. You have to update your Wordpress at least at the 4.7.2. Automatic updates are highly recommended.
severe content injection (privilege escalation) vulnerability affecting the REST API has been discovered by Sucuri: "This vulnerability allows an unauthenticated user to modify the content of any post or page within a WordPress site.".

Here it seems an attacker can execute code and modify any post injecting some text or code. This can expose any victim to attacks, black hat seo campaigns and other security problems you never want to have.

This vulnerability can confirm the security problems of Wordpress and why many people are starting to search an alternative. At the same time, you have to renounce to all advantages and cool features of Wordpres and if you have a large website, a migration of your contents to another platform can be very painful.

Resources

Share this post

This website and/or any sub domains use cookies to understand how you to improve your experience.