Content Injection Vulnerability in WordPress – February 02, 2017

A content injection vulnerability (a privilege escalation) has been detected in WordPress versions 4.7.0 and 4.7.1 that affects the REST API.  This vulnerability allows unauthenticated users to modify content on any post or page.


An update to WordPress version 4.7.2 will resolve this issue.


Security Risk: Severe



  1. Update immediately to 4.7.2
  2. It is recommended that automatic updates be enabled on WordPress sites

WordPress websites hosted by CTLT

If your WordPress website is hosted by CTLT, CTLT has addressed the upgrade already.


Additional Information


If you have any questions, please contact