WordPress 4.7/4.7.1 security vulnerability
A content injection vulnerability affects the WordPress REST API, which was recently added and is enabled by default in WP 4.7.
What is it, and what causes it?
In short, it is a security bug that allows visitors to edit any post on your website. Thankfully, it only affects those two versions, so any previous version of WordPress is unaffected.
You can see if you are affected by checking your version of WP. There are two ways of doing this:
First, you can look in the wp-includes/version.php file. In there, you should see some code that looks like this:
```php
<?php
/**
 * The WordPress version string
 *
 * @global string $wp_version
 */
$wp_version = '4.7.1';
?>
```
Or, sometimes you can click “view source” on the website and look for this meta tag:
```html
<meta name="generator" content="WordPress 4.7.1" />
```
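Both checks can be scripted when you look after more than one site. The Python sketch below is an added example, not code from the original article or from WordPress; the sample file and page contents are constructed, and the affected set is simply the two versions named above.

```python
import re
from html.parser import HTMLParser

# The two releases the article names as affected.
AFFECTED = {"4.7", "4.7.1"}

def version_from_php(source):
    """Return $wp_version from the text of wp-includes/version.php, or None."""
    m = re.search(r"""^\s*\$wp_version\s*=\s*(['"])([^'"]+)\1\s*;""", source, re.M)
    return m.group(2) if m else None

class _GeneratorFinder(HTMLParser):
    """Collects the version from the first <meta name="generator"> tag."""
    def __init__(self):
        super().__init__()
        self.version = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag != "meta" or (a.get("name") or "").lower() != "generator":
            return
        m = re.match(r"WordPress\s+(\d+(?:\.\d+)*)", a.get("content") or "")
        if m and self.version is None:
            self.version = m.group(1)

def version_from_html(html):
    """Return the version from the generator meta tag, or None if absent."""
    finder = _GeneratorFinder()
    finder.feed(html)
    return finder.version

def is_affected(version):
    return version in AFFECTED

# Constructed sample inputs (not taken from a real site).
SAMPLE_PHP = """<?php
/**
 * The WordPress version string
 *
 * @global string $wp_version
 */
$wp_version = '4.7.1';
"""
SAMPLE_HTML = '<html><head><meta content="WordPress 4.7.1" name="generator" /></head></html>'

if __name__ == "__main__":
    for label, found in (("version.php", version_from_php(SAMPLE_PHP)),
                         ("generator tag", version_from_html(SAMPLE_HTML))):
        print(f"{label}: {found} -> {'AFFECTED, update now' if is_affected(found) else 'not in affected set'}")
```

A missing generator tag proves nothing, since themes and plugins can remove it; treat version.php as the authoritative check.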
How do I fix it quickly?
If you are affected, you’ll want to update immediately. Log in to your admin, and click on “Updates.” You should then see a button to update to the latest version of WordPress.
You can also [enable automatic updates](https://codex.wordpress.org/Configuring_Automatic_Background_Updates) to help fight against this in the future.
If you’d rather a professional handle it for you, or just want the peace of mind of a general security audit, we would love to help. Just fill out this form and we will look at your website for you. We are standing by and are quick to answer, so once you submit the form, stick around for a bit and we should be chatting in no time!
