

February 7, 2017


Content Injection Vulnerability in WordPress 4.7.0 and 4.7.1

A new and highly dangerous vulnerability, known as the Zero-day Content Injection Vulnerability, has recently been discovered in the WordPress Content Management System (CMS). This vulnerability affects all WordPress websites on either version 4.7.0 or 4.7.1, and it is highly recommended that all WordPress site owners update their websites immediately.

Is my website at risk?

If you have not turned on automatic updates for your WordPress website, or have yet to update your WordPress version to 4.7.2, your website is at risk of the Content Injection Vulnerability.
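Where several WordPress installs share one server, the version check can be scripted. The following is an added example, not Vodien's or WordPress's own tooling; it assumes read access to the web root and relies on WordPress core recording its version in `wp-includes/version.php`, where the first release of a branch is written as `4.7` rather than `4.7.0`.

```python
import os
import re
import sys

# Affected releases as named on this page; 4.7.2 carries the fix.
AFFECTED = {(4, 7, 0), (4, 7, 1)}
# Numeric prefix only, so a suffix such as '-RC1' is ignored.
VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"](\d+(?:\.\d+){1,2})""")

def parse_wp_version(php_source):
    """Return (major, minor, patch) from version.php text, or None."""
    m = VERSION_RE.search(php_source)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # core writes 4.7.0 as '4.7'
    return tuple(parts)

def is_affected(version):
    return version in AFFECTED

def audit(root):
    """Walk root; return sorted (install_dir, 'x.y.z', affected) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) != "wp-includes" or "version.php" not in files:
            continue
        path = os.path.join(dirpath, "version.php")
        with open(path, encoding="utf-8", errors="replace") as fh:
            version = parse_wp_version(fh.read())
        if version is None:
            continue  # file present but no recognisable version string
        label = ".".join(str(n) for n in version)
        findings.append((os.path.dirname(dirpath), label, is_affected(version)))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: python audit_wp.py /path/to/webroot  (script name is hypothetical)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for install, version, affected in audit(root):
        print(f"{'AFFECTED' if affected else 'ok':8}  {version:8}  {install}")
```

Any install reported as `AFFECTED` should be updated to 4.7.2 as described below.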

How will my website be affected?

This vulnerability affects the WordPress REST API, which was introduced in WordPress 4.7.0 and is enabled by default on all sites running versions 4.7.0 and 4.7.1. One of the endpoints of this REST API allows posts to be created, viewed, edited or deleted. Because of a bug introduced in it, an unauthorised user can edit the content of any post or page on a WordPress site.

How do I protect my site against the vulnerability?

To start, we advise all administrators to update their WordPress sites to version 4.7.2 as soon as possible. The newest WordPress version includes the fix for the vulnerability described above. As a precaution, it is highly recommended that you turn on automatic updates for your WordPress site to ensure that it is always on the latest version and secured against the latest threats.

What will Vodien do to assist its customers?

Vodien will be sending out email notifications to all customers with WordPress websites on either version 4.7.0 or 4.7.1, to remind them to update their WordPress version as soon as possible.

Customers with our WebGuard plans are protected against such website vulnerabilities and other security challenges. Please do not hesitate to contact our 24/7 SuperSupport team if you would like to know more about the vulnerability, or how you can better protect your website against such threats.
