Tag: REST API

A Day of REST Boston: Wide Awake

A Day of REST Boston was a one-day conference all about the WordPress REST API. Speakers included members of the team who are building the REST API, and developers using it in production websites. Attendees learned how to use the REST API for their projects, along with insights into best practices, tools, coding, and specific use cases.

Rogue Pharmacy Defacements via REST API Exploit

This article was co-authored by Security Researcher Wyatt Morgan from SiteLock Research.

This month we’ve seen WordPress websites bombarded with defacements and remote code execution attempts that abuse a vulnerability in the WordPress REST API. As could be expected, compromises motivated by financial gain have now made their debut through the same vector. This most recent flavor of defacements focuses on driving traffic to a rogue pharmacy website, where the visitor is encouraged to purchase, you guessed it, “authentic” erectile dysfunction medication.

Critical WordPress REST API Vulnerability

This article was co-authored by Security Researchers Gregory Bloom and Wyatt Morgan from SiteLock Research.

As you may have heard by now, WordPress 4.7.2 has arrived! This emergency patch was released by the diligent WordPress contributors following the discovery of a rather nasty vulnerability in the new WordPress REST API functionality. The vulnerability allowed for unauthenticated privilege escalation, which in layman’s terms means an adversary could gain unauthorized administrator privileges to any post on most WordPress websites running versions 4.7 or 4.7.1.

