WordPress REST API Vulnerability Poses Serious Threat To Site Owners

Just a few days ago, Sucuri, a major website security service reported a significant threat within WordPress that involves the newly supported REST API. According to several tech outlets, recent attacks carried out through this vulnerability have reached over 1.5M pages.

To make matters worse, Sucuri has found remote code execution are now being used by hackers, targeting sites that have plugins which allow PHP executions within posts or pages. Plugins that are vulnerable to this type of attack include Insert PHP or Exec-PHP which both have over 100K active installs.

If you are currently a site owner relying on a PHP execution plugin such as these or similar, you are better off temporarily disabling the plugin until an updated version is released which fixes any vulnerabilities. Along with this, we HIGHLY recommend upgrading your WordPress core to 4.7.2 to help secure yourself from these threats.

Source: Sucuri