This article was co-authored by Security Researchers Gregory Bloom and Wyatt Morgan from SiteLock Research.

As you may have heard by now, WordPress 4.7.2 has arrived! This emergency patch was released by the diligent WordPress contributors following the discovery of a rather nasty vulnerability in the new WordPress REST API functionality. The vulnerability discovered allowed for unauthenticated privilege escalation, which in layman’s terms means it’s potentially harmful as it could allow an adversary to gain unauthorized administrator privileges to any post on most WordPress websites running versions 4.7 or 4.7.1.

Read More