Content Injection

Vulnerabilities

Feb 02, 2017

WordPress Team Secretly Fixed A Zero-Day Critical Content Injection Vulnerability

The WordPress security team revealed that they’ve secretly fixed a zero-day vulnerability in the WordPress CMS REST API.The vulnerability in this case would allow for content injection as well as privilege escalation . This vulnerability allows an unauthenticated user to “modify the content of any post or page within a WordPress site” Sucuri, the company […]

root

Vulnerabilities

Feb 02, 2017

Content Injection Vulnerability in WordPress 4.7.0 or 4.7.1

As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on WordPress, we discovered was a severe content injection (privilege escalation) vulnerability affecting the REST API. This vulnerability allows an unauthenticated user to modify the content of any post […]

root