Security Risk: Severe
Exploitation Level: Easy/Remote
DREAD Score: 9/10
Vulnerability: Privilege Escalation / Content Injection
Patched Version: 4.7.2

There is a Content Injection Vulnerability in WordPress versions 4.7 and 4.7.1. While working on WordPress, the Sucuri security team discovered a severe content injection vulnerability affecting the REST API in these two versions of WordPress. This…


WordPress 4.6.1

A new version of WordPress (4.6.1) was released recently to address an important security flaw. WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from…
