WordPress 4.7.0/4.7.1 REST API Content Injection Vulnerability

by do son · Published · Updated

WordPress is a blog platform developed using PHP language, users can support PHP and MySQL database on the server set up their own website. WordPress can also be used as a content management system (CMS) to use. Starting with version 4.7.0, WordPress integrates the functionality of the REST API plug-in. Recently, a vulnerability caused by the REST API was disclosed, and a remote attacker could exploit the vulnerability to view, modify, delete, or even create new articles without authentication.

Affected version

WordPress 4.7.0 WordPress 4.7.1

More info please read this article.

Exploit

Demo

Tags: wordpress