I received an email yesterday from one of my website security partners, ‘Sucuri’, and I felt I should pass the information on.
Sucuri and WordPress security disclosure
Sucuri announced that they had discovered a severe content injection (privilege escalation) vulnerability affecting the REST API. This vulnerability allows an unauthenticated user to modify the content of any post or page within a WordPress site.
A fix for this was silently included in version 4.7.2, along with other less severe issues. Route22 clients with WordPress websites need not worry, as we have already updated every site to version 4.7.2. However, we are encouraging all of our clients to let us install the Sucuri Website Security Stack. It places the website behind the Sucuri Firewall, which protects against this type of threat via their Virtual Hardening / Patching technology.

