• The latest update makes REST API requests, which are a MAJOR HUGE SECURITY THREAT. I had to revert to an older version so the plugin isn’t broken by disabling the REST API. What a HUGE SECURITY ISSUE!!!

    • This topic was modified 7 years, 5 months ago by astrologeeks. Reason: wrong word
Viewing 3 replies - 1 through 3 (of 3 total)
  • The REST API vulnerabilities were patched in 4.7.2 and after. You may want to reconsider enabling it again; it’s going to continue to be a part of WordPress core.

    Some of the vulnerabilities may have been patched, but if you aren’t blocking anonymous access to the REST API, you can simply use the following URL to get a list of a site’s users’ userids, usernames, gravatar hashes and website URLs:

    
    https://yourdomain.com/wp-json/wp/v2/users
    

    I don’t want to make that information so easily available.

    +1 on this, this seems to be a known issue that many people are having problems with.

  • The topic ‘REST API SECURITY ISSUES’ is closed to new replies.
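
One way to keep the REST API enabled for plugins while refusing anonymous requests to the users endpoint mentioned in the second reply. This is an added example, not code from the thread, the plugin or WordPress core; it assumes the file is placed in wp-content/mu-plugins/, and the function name example_restrict_rest_users and the error code are made up for illustration.

```php
<?php
/**
 * Plugin Name: Restrict REST users endpoint (added example)
 *
 * Added example: blocks anonymous access to /wp/v2/users and
 * /wp/v2/users/<id> only, leaving every other REST route untouched.
 * Assumption: loaded as a must-use plugin; names here are hypothetical.
 */

function example_restrict_rest_users( $result, $server, $request ) {
    // Respect a response already produced by an earlier filter.
    if ( null !== $result ) {
        return $result;
    }

    // get_route() is the parsed route, so the check applies however the
    // request URL was written. Core matches routes case-insensitively,
    // so normalise case before comparing.
    $route = strtolower( untrailingslashit( $request->get_route() ) );

    $is_users_route = ( '/wp/v2/users' === $route )
        || ( 0 === strpos( $route, '/wp/v2/users/' ) );

    if ( $is_users_route && ! is_user_logged_in() ) {
        // For a logged-out visitor this helper returns 401.
        return new WP_Error(
            'rest_users_login_required',
            'Authentication is required to list users.',
            array( 'status' => rest_authorization_required_code() )
        );
    }

    // Returning null lets the request continue to its normal handler.
    return $result;
}
add_filter( 'rest_pre_dispatch', 'example_restrict_rest_users', 10, 3 );
```

Authenticated requests, such as those made from the admin screens, still reach the users endpoint, and an anonymous request to it receives a JSON error instead of the user list.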