Content Injection Vulnerability in WordPress – February 02, 2017

A content injection vulnerability (a privilege escalation) affecting the REST API has been detected in WordPress versions 4.7.0 and 4.7.1. This vulnerability allows unauthenticated users to modify content on any post or page.

An update to WordPress version 4.7.2 will resolve this issue.

Security Risk: Severe

Action:

  1. Update immediately to 4.7.2
  2. It is recommended that automatic updates be enabled on WordPress sites
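
To find installs that still need the two actions above, the following added example (not part of the original advisory) audits a web root on disk. It assumes the standard WordPress layout, where the release is set as `$wp_version` in `wp-includes/version.php` and `wp-config.php` sits in the site directory; the sample sites are constructed, and the `wp-config.php` check is a text heuristic that does not skip commented-out lines.

```python
import re
import tempfile
from pathlib import Path

AFFECTED = {(4, 7, 0), (4, 7, 1)}  # releases named in the advisory
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"](\d+(?:\.\d+){0,2})""", re.M)
UPDATE_RE = re.compile(r"""define\(\s*['"](AUTOMATIC_UPDATER_DISABLED|WP_AUTO_UPDATE_CORE)"""
                       r"""['"]\s*,\s*(?i:(true|false))""")
UPDATES_OFF = {("AUTOMATIC_UPDATER_DISABLED", "true"), ("WP_AUTO_UPDATE_CORE", "false")}

def parse_version(text):
    """Return (major, minor, patch) from version.php text, or None if absent."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # 4.7.0 ships as '4.7'

def auto_updates_disabled(config_text):
    """Heuristic: True if wp-config.php text switches core auto-updates off."""
    return any((n, v.lower()) in UPDATES_OFF for n, v in UPDATE_RE.findall(config_text))

def audit(web_root):
    """Return [(site, version, affected, auto_updates_off)] for installs under web_root."""
    results = []
    for vfile in sorted(Path(web_root).rglob("wp-includes/version.php")):
        version = parse_version(vfile.read_text(errors="replace"))
        if version is None:
            continue
        site = vfile.parent.parent
        config = site / "wp-config.php"
        off = config.is_file() and auto_updates_disabled(config.read_text(errors="replace"))
        results.append((site.name, ".".join(map(str, version)), version in AFFECTED, off))
    return results

def demo():
    """Audit a constructed web root holding three sample installs."""
    samples = {"blog": ("4.7", "define('WP_AUTO_UPDATE_CORE', false);"),
               "news": ("4.7.1", ""),
               "shop": ("4.7.2", "define( 'WP_AUTO_UPDATE_CORE', true );")}
    with tempfile.TemporaryDirectory() as root:
        for name, (ver, cfg) in samples.items():
            inc = Path(root, name, "wp-includes")
            inc.mkdir(parents=True)
            (inc / "version.php").write_text(f"<?php\n$wp_version = '{ver}';\n")
            Path(root, name, "wp-config.php").write_text(f"<?php\n{cfg}\n")
        return audit(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Call `audit()` with the real web root in place of `demo()`; any row with `affected` set to `True` needs the update to 4.7.2.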

WordPress websites hosted by CTLT

If your WordPress website is hosted by CTLT (cms.ubc.ca), CTLT has already addressed the upgrade.

Additional Information

https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html

If you have any questions, please contact security@ubc.ca