Hacking Book | Free Online Hacking Learning

0day authorization bypass vulnerability in the REST API of WordPress 4.7.0 and 4.7.1

Posted by bassolino at 2020-04-04

Abstract

If you find that your WordPress articles have been modified or deleted, for example with malicious code or advertising code inserted or with a notice that the site has been hacked, upgrade WordPress to 4.7.2 as soon as possible.

A 0day vulnerability was found in the REST API of WordPress 4.7.0 and 4.7.1. If the vulnerability is successfully exploited, an attacker can bypass the administrator's authorization to add, delete, modify and query articles, resulting in risks such as articles being tampered with or even lost.
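To find installs that still need the upgrade, the following added example (not part of the original post) walks a directory tree, reads `$wp_version` from each `wp-includes/version.php`, and flags versions in the affected 4.7.0 to 4.7.1 range. The three sample installs built in `demo()` are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Matches the assignment in wp-includes/version.php, e.g. $wp_version = '4.7.1';
VERSION_RE = re.compile(r"\$wp_version\s*=\s*['\"](\d+(?:\.\d+){1,2})")
FIRST_AFFECTED, LAST_AFFECTED = (4, 7, 0), (4, 7, 1)  # fixed in 4.7.2, per the page


def parse_version(php_source):
    """Return the version as a 3-tuple, or None if no $wp_version is present."""
    m = VERSION_RE.search(php_source)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    # WordPress writes x.y.0 releases as 'x.y', so pad to three components.
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version):
    return FIRST_AFFECTED <= version <= LAST_AFFECTED


def audit(root):
    """Find every WordPress install under root; return (site dir, version, affected)."""
    results = []
    for vfile in sorted(Path(root).rglob("wp-includes/version.php")):
        version = parse_version(vfile.read_text(errors="replace"))
        if version is not None:
            results.append((str(vfile.parent.parent), version, is_affected(version)))
    return results


def demo():
    """Build three constructed installs in a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        for site, ver in [("blog-a", "4.7"), ("blog-b", "4.7.1"), ("blog-c", "4.7.2")]:
            inc = Path(tmp, site, "wp-includes")
            inc.mkdir(parents=True)
            inc.joinpath("version.php").write_text(f"<?php\n$wp_version = '{ver}';\n")
        return [(Path(p).name, v, bad) for p, v, bad in audit(tmp)]


if __name__ == "__main__":
    for site, version, bad in demo():
        status = "UPGRADE to 4.7.2 or later" if bad else "not in affected range"
        print(f"{site}: {'.'.join(map(str, version))} -> {status}")
```

On a real host, call `audit()` with the web root that contains the sites; the version file reflects what is installed on disk, so rerun it after upgrading to confirm.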

At present, the vulnerability has been fixed in WordPress 4.7.2 released on January 27, 2017, Beijing time, but a large number of users still haven't upgraded. This security update fixes some security issues in WordPress 4.7.1 and earlier:

If the content of your website has been tampered with, the right way to respond is to: