{"id":261,"date":"2017-02-04T14:02:39","date_gmt":"2017-02-04T14:02:39","guid":{"rendered":"http:\/\/www.pumpitsolution.com\/?p=261"},"modified":"2022-12-04T11:15:40","modified_gmt":"2022-12-04T11:15:40","slug":"wordpress-has-revealed-a-serious-flaw-that-it-secretly-fixed-in-last-weeks-security-update","status":"publish","type":"post","link":"https:\/\/pegasus-insys.com\/ru\/wordpress-has-revealed-a-serious-flaw-that-it-secretly-fixed-in-last-weeks-security-update\/","title":{"rendered":"WordPress has revealed a serious flaw that it secretly fixed in last week’s security update."},"content":{"rendered":"![\"\"](\"http:\/\/www.pumpitsolution.com\/wp-content\/uploads\/2017\/02\/wordpressIcon2-300x268.png\")
\r\n\r\nWordPress has fixed a vulnerability that allows an unauthenticated user to modify the contents of any post or page within a WordPress site. This vulnerability can be exploited via REST API, which is enabled by default in WordPress 4.7.0 and above.\r\n\r\nA fix for this was silently included on version 4.7.2 <\/strong>along with other less severe issues\u00a0including a cross-site scripting and a SQL injection vulnerability, with the latest version of the CMS.\r\n\r\nThe update, 4.7.2, was pushed only two weeks after developers released the previous\u00a0version.\r\n\r\nRead more on the latest security release:\r\n\r\nWordPress 4.7.2 Security Release<\/a><\/blockquote>