Critical WordPress REST API Bug: Prevent Your Blog From Being Hacked!

By [email protected] (Swati Khandelwal) Last week, WordPress patched three security flaws, but just yesterday the company disclosed about a nasty then-secret zero-day vulnerability that let remote unauthorized hackers modify the content of any post or page within a WordPress site.

The nasty bug resides in WordPress REST API that would lead to the creation of two new vulnerabilities: Remote privilege escalation and Content injection

Via:: Critical WordPress REST API Bug: Prevent Your Blog From Being Hacked!