WordPress Core Files Security Vulnerability

Please note: none of our clients are vulnerable to the following security issue.

In the past few days WordPress has been suffering from a serious security breach. Sucuri, a specialist website security company, identified a severe content injection (privilege escalation) vulnerability affecting the REST API. This vulnerability allows an unauthenticated user to modify the content of any post or page within a WordPress site.

A fix for this was silently included in version 4.7.2 along with other less severe issues. This was done intentionally to give everyone time to patch.

This privilege escalation vulnerability affects the WordPress REST API, which was recently added and is enabled by default as of WordPress 4.7.0.

One of these REST endpoints allows access (via the API) to view, edit, delete and create posts. Within this particular endpoint, a subtle bug allows visitors to edit any post on the site.

The REST API is enabled by default on all sites using WordPress 4.7.0 or 4.7.1. If your website is on these versions of WordPress then it is currently vulnerable to this bug.

For most users, the website should update itself, but we advise anyone with a WordPress website to check to make sure their website is up to date.
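One way to carry out that check across every install on a server, as an added example (not code from the original post). It assumes shell access to the document roots; the function names are hypothetical, and the demo data is constructed. WordPress writes the 4.7.0 release as `4.7` in `wp-includes/version.php`, so both spellings are matched.

```shell
#!/bin/sh
# Added example: flag WordPress installs on the versions named in this post.

# Print the value assigned to $wp_version in a wp-includes/version.php file.
wp_version_of() {
    awk -F"['\"]" '/^[ \t]*\$wp_version[ \t]*=/ { print $2; exit }' "$1"
}

# Map a version string to a status for the REST API content injection bug.
classify_wp_version() {
    case "$1" in
        4.7|4.7.0|4.7.1) echo vulnerable ;;  # REST API on by default, fix not yet applied
        '')              echo unknown ;;     # version.php unreadable or altered
        *)               echo other ;;       # not one of the versions this post lists
    esac
}

# Walk a directory tree and print: status <TAB> version <TAB> install path.
audit_wp_tree() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r f; do
        v=$(wp_version_of "$f")
        printf '%s\t%s\t%s\n' "$(classify_wp_version "$v")" "${v:-?}" \
            "${f%/wp-includes/version.php}"
    done
}

# Constructed sample tree so the script runs without a real server.
demo() {
    demo_dir=$(mktemp -d) || return 1
    for v in 4.6.3 4.7 4.7.1 4.7.2; do
        mkdir -p "$demo_dir/site-$v/wp-includes"
        printf '<?php\n$wp_version = '\''%s'\'';\n' "$v" \
            > "$demo_dir/site-$v/wp-includes/version.php"
    done
    audit_wp_tree "$demo_dir"
    rm -rf "$demo_dir"
}

# Usage: sh audit.sh /path/to/document/roots   (no argument runs the demo)
if [ "$#" -gt 0 ]; then audit_wp_tree "$1"; else demo; fi
```

Any line reported as `vulnerable` should be updated to 4.7.2 or later; `unknown` means the version file could not be parsed and the install needs a manual look.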

As part of our hosting plans we have carried out the required updates for all our clients.

If you are concerned about security issues with your hosting and would like some help, feel free to contact us here or on 01253 963016.

James Smythe
