Crucial WordPress API Bug fixed

By | March 21, 2017

WordPress, while being one of the best blog systems in the world right now, is also known to be a vulnerable one.

Researchers at Sucuri, who found the bug, shared details on how it operates:

The stored XSS bug was patched last week in the WordPress core when the version 4.7.3 security update was released. Marc Montpas, a researcher at Sucuri, said that an attacker who defaced a website using an exploit for the REST API Endpoint vulnerability could also have stored malicious JavaScript on the site that could be triggered later.

“Combined with the recent content injection vulnerability we found, it’s possible for a remote attacker to deface a random post on the site and store malicious Javascript code in it,” Montpas wrote in the disclosure published yesterday. “This code would be executed when visitors view the post and when anyone edits the post from the WordPress dashboard. As a result, when an administrator tries to fix the defaced post, they would unknowingly trigger the malicious script, which could then be used to put a backdoor on the site and create new admin users.”

The issue is now fixed in WordPress version 4.7.3. Luckily, this bug was discovered early, before it could cause real harm to too many websites.

We always need to remember that these days no website is safe from hacks and attacks, so make sure you always have the latest backup of your website in case the worst happens. Also make sure you are using the best security plugins to protect your site.

Read more at threatpost.com
