WordPress REST API Zero-Day Vulnerability


On February 1, 2017, WordPress disclosed a critical zero-day vulnerability in the WordPress REST API which allows unauthenticated attackers to perform remote privilege escalation and content injection against versions 4.7 and 4.71 of the popular content management system.
A fix for the vulnerability is available in version 4.7.2 of WordPress, and administrators who have not patched their WordPress instances yet are advised to do so as soon as practical.
To learn more about the WordPress 4.7.2 update, please refer to the WordPress Codex on Version 4.7.2.