REST API SECURITY ISSUES

  • astrologeeks

    (@astrologeeks)


    8 years, 11 months ago

    The latest update makes REST API requests which are a MAJOR HUGE SECURITY THREAT. I had to revert to an older version so the plugin isn’t broken by disabling the rest API. What a HUGE SECURITY ISSUE!!!

    • This topic was modified 8 years, 11 months ago by astrologeeks. Reason: wrong word
Viewing 3 replies - 1 through 3 (of 3 total)
  • Marty

    (@bozzmedia)

    8 years, 11 months ago

    The REST API vulnerabilities were patched in 4.7.2 and after. You may want to reconsider enabling it again, it’s going to continue to be a part of wordpress core.

    linux4me2

    (@linux4me2)

    8 years, 11 months ago

    Some of the vulnerabilities may have been patched, but if you aren’t blocking anonymous access to the REST API, you can simply use the following URL to get a list of a site’s users’ userids, usernames, gravatar hashes and website URLs:

    
http://yourdomain.com/wp-json/wp/v2/users

    I don’t want to make that information so easily available.

    bsteinlo

    (@bsteinlo)

    8 years, 11 months ago

    +1 on this, this seems to be a known issue that many people are having problems with.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘REST API SECURITY ISSUES’ is closed to new replies.

Tags