WordPress Fixes Security Flaw that Opened Users to Content Injection Attacks

http://www.thewhir.com/wp-content/uploads/2016/03/ThinkstockPhotos-518204639-e1459434228534.jpg

WordPress waited to disclose a REST API Endpoint bug that made sites using WordPress 4.7 and 4.7.1 vulnerable to content injection attacks in order to protect the sites while a security fix was rolled out in WordPress 4.7.2, according to a blog post published Wednesday by WordPress Core Contributor Aaron Campbell.

Sucuri security researcher Marc-Alexandre Montpas alerted the WordPress Security Team of the vulnerability on Jan. 20, who worked with Sucuri to coordinate the disclosure with patching efforts.

Tags: 

Read more: WordPress Fixes Security Flaw that Opened Users to Content Injection Attacks

Story added 3. February 2017, content source with full text you can find at link above.