A content injection vulnerability (a privilege escalation) has been detected in WordPress versions 4.7.0 and 4.7.1 that affects the REST API. This vulnerability allows unauthenticated users to modify content on any post or page.
An update to WordPress version 4.7.2 will resolve this issue.
Security Risk: Severe
- Update immediately to 4.7.2
- It is recommended that automatic updates be enabled on WordPress sites
WordPress websites hosted by CTLT
If your WordPress website is hosted by CTLT cms.ubc.ca, CTLT has addressed the upgrade already.
If you have any questions, please contact email@example.com