Title: REST API SECURITY ISSUES
Last modified: June 28, 2017

---

# REST API SECURITY ISSUES

 *  [astrologeeks](https://wordpress.org/support/users/astrologeeks/)
 * (@astrologeeks)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/rest-api-security-issues/)
 * The latest update makes REST API requests which are a MAJOR HUGE SECURITY THREAT.
   I had to revert to an older version so the plugin isn’t broken by disabling the
   REST API. What a HUGE SECURITY ISSUE!!!
    -  This topic was modified 8 years, 11 months ago by [astrologeeks](https://wordpress.org/support/users/astrologeeks/).
      Reason: wrong word

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [Marty](https://wordpress.org/support/users/bozzmedia/)
 * (@bozzmedia)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/rest-api-security-issues/#post-9268176)
 * The REST API vulnerabilities were patched in 4.7.2 and after. You may want to
   reconsider enabling it again; it’s going to continue to be a part of WordPress
   core.
 *  [linux4me2](https://wordpress.org/support/users/linux4me2/)
 * (@linux4me2)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/rest-api-security-issues/#post-9270450)
 * Some of the vulnerabilities may have been patched, but if you aren’t blocking
   anonymous access to the REST API, you can simply use the following URL to get
   a list of a site’s users’ userids, usernames, gravatar hashes and website URLs:
 *     ```
       http://yourdomain.com/wp-json/wp/v2/users
       ```
   
 * I don’t want to make that information so easily available.
 *  [bsteinlo](https://wordpress.org/support/users/bsteinlo/)
 * (@bsteinlo)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/rest-api-security-issues/#post-9270744)
 * +1 on this, this seems to be a known issue that many people are having problems
   with.

The topic ‘REST API SECURITY ISSUES’ is closed to new replies.
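
One way to do what the second reply asks for: refuse anonymous requests to the users route while leaving the rest of the REST API enabled, so a plugin that depends on it is not broken. This is an added example, not code from the thread, from WordPress core or from Contact Form 7; the function name and the error code are hypothetical.

```php
<?php
/**
 * Plugin Name: Example - block anonymous REST user listing
 * Description: Added example; not WordPress core or Contact Form 7 code.
 */

/**
 * Reject unauthenticated requests to the core users routes before dispatch.
 * Every other route, including plugin namespaces, is left untouched.
 *
 * @param mixed           $result  Null unless an earlier filter short-circuited.
 * @param WP_REST_Server  $server  REST server instance (unused here).
 * @param WP_REST_Request $request Incoming request.
 * @return mixed The original $result, or a WP_Error for anonymous user lookups.
 */
function example_block_anonymous_user_routes( $result, $server, $request ) {
	// Respect a decision already made by another filter.
	if ( null !== $result ) {
		return $result;
	}

	// Covers /wp/v2/users, /wp/v2/users/<id> and /wp/v2/users/me, whether the
	// request arrived as /wp-json/... or as ?rest_route=... The "i" flag is
	// needed because WordPress matches routes case-insensitively.
	$is_users_route = (bool) preg_match( '#^/wp/v2/users(/|$)#i', $request->get_route() );

	if ( $is_users_route && ! is_user_logged_in() ) {
		return new WP_Error(
			'example_rest_users_forbidden', // Hypothetical error code.
			'Authentication is required to list users.',
			array( 'status' => rest_authorization_required_code() )
		);
	}

	return $result;
}
add_filter( 'rest_pre_dispatch', 'example_block_anonymous_user_routes', 10, 3 );
```

After installing it, an unauthenticated request to the URL quoted in the second reply should return an error response instead of the user list, while requests to other namespaces still succeed.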

 * [Contact Form 7](https://wordpress.org/plugins/contact-form-7/)

 * 3 replies
 * 4 participants
 * Last reply from: [bsteinlo](https://wordpress.org/support/users/bsteinlo/)
 * Last activity: [8 years, 11 months ago](https://wordpress.org/support/topic/rest-api-security-issues/#post-9270744)
 * Status: not resolved