Zero day in WordPress 4.7.1 and before, upgrading to 4.7.2 Mandatory

News

Another day, another major vulnerability in an important piece of software. WordPress, one of the most widespread CMSs in the world, has recently released a new version in order to close a vulnerability which allows attackers unauthorized access to your environment.

WordPress uses an REST API. This API is vulnerable for content injection which allows unauthenticated users to gain additinal priviledges. They can then modify the content of any post or page within the WordPress site and place their own code or content.

The new WordPress version, 4.7.2, contains a patch for this vulnerability. If you have WordPress 4.7.1 or lower then we strongly recommend updating your installation to version 4.7.2 as soon as possible.

For more information about this vulnerability please see here: https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/

If you have any questions regarding this blogpost or would like additional support from us, please send an e-mail to support@cloudvps.com.