Quality Work Make Your Dream Come True
WordPress BuddyPress bbPress Developer

WordPress 4.7.2 Security Release – fix serious content injection vulnerability

WordPress 4.7.2 was released in January 26th, 2017. An Unauthenticated Privilege Escalation Vulnerability in a REST API Endpoint was fixed. The WordPress Official advises the users to update the sites immediately.

WordPress 4.7.2 Security Release - fix serious content injection vulnerability

WordPress 4.7.2 Security Release – fix serious content injection vulnerability

The issue reporter Sucuri said, modify the WordPress website content will produce a modified data packet, The attacker can modify URL to bypass the account verification and directly view the contents of the website by REST API, In addition, the vulnerability even allows an unauthenticated user to modify the content of any post or page within a WordPress site.other content.

Sucuri provide technical details of the vulnerability and write the conclusion in his blog:

This is a serious vulnerability that can be misused in different ways to compromise a vulnerable site. Update now!

 

 

Leave a Reply