‘Quality is never an accident, it is always the result of intelligent effort’ — John Ruskin
visit the FSB website

Sucuri / WordPress security disclosure

I received an email yesterday, from one of my website security partners ‘Sucuri‘, and I felt I should pass the information on.
Sucuri and WordPress security disclosure
Sucuri announced that they had discovered a severe content injection (privilege escalation) vulnerability affecting the REST API. This vulnerability allows an unauthenticated user to modify the content of any post or page within a WordPress site.
A fix for this was silently included on version 4.7.2 along with other less severe issues. Route22 clients with WordPress websites need not worry as we have already updated every site to version 4.7.2. However, we are encouraging all of our clients to let us install the Sucuri Website Sucurity Stack, which places the website behind the Sucuri Firewall, which protects against this type of threat via their Virtual Hardening / Patching technology.


Facebooktwitterredditpinterestlinkedinmailby feather
Facebooktwitterpinterestlinkedinrssyoutubeby feather

Simple contact form

Proud to be members of London Chamber of Commerce