Content Injection Vulnerability in WordPress
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on WordPress, we discovered was a severe content injection (privilege escalation) vulnerability affecting the REST API. This vulnerability allows an unauthenticated user to modify the content of any post or page within a WordPress site.
We disclosed the vulnerability to the WordPress Security Team who handled it extremely well.
Continue reading Content Injection Vulnerability in WordPress at Sucuri Blog.
Read more: Content Injection Vulnerability in WordPress
Story added 1. February 2017, content source with full text you can find at link above.