WordPress 4.7.0/4.7.1 REST API Content Injection Vulnerability

by do son · Published September 9, 2017 · Updated November 15, 2017

WordPress is a blog platform developed using PHP language, users can support PHP and MySQL database on the server set up their own website. WordPress can also be used as a content management system (CMS) to use. Starting with version 4.7.0, WordPress integrates the functionality of the REST API plug-in. Recently, a vulnerability caused by the REST API was disclosed, and a remote attacker could exploit the vulnerability to view, modify, delete, or even create new articles without authentication.