- February 12, 2017
- Posted by: Muskoka Marketing Admin
Important: Read the Sucuri WordPress Content Injection article.
Security Risk: Severe
Exploitation Level: Easy/Remote
DREAD Score: 9/10
Vulnerability: Privilege Escalation / Content Injection
Patched Version: 4.7.2
Link to the Sucuri article [blog.sucuri.net] on the topic. Note that this is serious: please verify that your WP install is patched up to version 4.7.2.
People are saying it might not be enough to patch WP to 4.7.2. For that reason, there are plug-ins that go beyond the patch by disabling the REST API for users who are not logged in as an admin.
Here is a link to a plug-in to disable REST-API for non-admins.
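One way to implement the restriction described above, as an added example (it is not the code of the linked plug-in and not from the Sucuri article): a small must-use plug-in that rejects REST API requests unless the current user is an administrator. The function name, the error code and the use of the `manage_options` capability to mean "admin" are assumptions made for this example.

```php
<?php
/**
 * Plugin Name: Restrict REST API to Administrators (added example)
 * Description: Illustrative hardening snippet; save under wp-content/mu-plugins/.
 */

// Refuse direct access to this file outside of WordPress.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

// Priority 110 runs this after core's cookie/nonce check (hooked at 100),
// so a cookie-authenticated request without a valid REST nonce has already
// been downgraded to an anonymous user by the time this filter decides.
add_filter( 'rest_authentication_errors', 'example_restrict_rest_to_admins', 110 );

/**
 * Allow REST API requests only for administrators.
 *
 * @param WP_Error|null|bool $result Result from earlier authentication handlers.
 * @return WP_Error|null|bool Unchanged result for admins, WP_Error otherwise.
 */
function example_restrict_rest_to_admins( $result ) {
    // An earlier handler already rejected the request: keep its error.
    if ( is_wp_error( $result ) ) {
        return $result;
    }

    // Assumption: "admin" means a user holding the manage_options capability.
    if ( is_user_logged_in() && current_user_can( 'manage_options' ) ) {
        return $result;
    }

    // rest_authorization_required_code() yields 401 for anonymous visitors
    // and 403 for logged-in users who are not administrators.
    return new WP_Error(
        'rest_admin_only',
        __( 'The REST API on this site is available to administrators only.' ),
        array( 'status' => rest_authorization_required_code() )
    );
}
```

Anything on the site that calls the REST API as a visitor or a non-admin user will stop working with this in place, so test it on a staging copy first. It adds to the 4.7.2 update and does not replace it.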