The vulnerability allows remote unauthorized hackers to modify the content of any post or page within a WordPress site.
The nasty bug resides in WordPress REST API that would lead to the creation of two new vulnerabilities: Remote privilege escalation and Content injection bugs.
WordPress is the world’s most popular content management system (CMS) used on millions of websites. The CMS recently added and enabled REST API by default on WordPress 4.7.0.
Flaw lets Unauthorised Hacker Redirect Visitors to Malicious Exploits
The vulnerability is easy to exploit and affects versions 4.7 and 4.7.1 of the WordPress content management system (CMS), allowing an unauthenticated attacker to modify all pages on unpatched sites and redirect visitors to malicious exploits and a large number of attacks.
The vulnerability was discovered and reported by Marc-Alexandre Montpas from Sucuri to the WordPress security team who handled the matter very well by releasing a patch, but not disclosing details about the flaw in an effort to keep hackers away from exploiting the bug before millions of websites implement the patch.
IF YOU ARE USING WORDPRESS VERSIONS 4.7 or 4.7.1 You should upgrade immediately! Need help? Get in touch.