WordPress REST API security update, due to exposed revisions and draft posts

ByBrian Krogsgard Posted onApril 9, 2015

Security

This release fixes a serious information disclosure vulnerability, which allowed for unpublished content and post revisions to be retrieved via the REST API.

and

This release was coordinated by the REST API team and the WordPress core security team. The security team is pushing automatic updates for this plugin. Each branch was separately patched; there are packages for 1.2.1, 1.1.3, 1.0.2, 0.9.2, and 0.8.2.

Time to update your installs, if you’re using the REST API. Or perhaps the auto-updater will beat you to it.

Selective refresh paves a path for frontend editing

ByBrian Krogsgard February 16, 2016

The selective refresh feature plugin for the customizer makes for a better customizer experience. Weston Ruter summarized the feature on Make Core, and describes its functionality in depth. But also hints at what it makes possible. Currently, postMessage enables live changes, but saving those changes requires a full page reload. postMessage doesn’t do any server…

We don’t need no stinkin’ standards!

ByDan Knauss August 24, 2022August 25, 2022

I wonder how much WordPress is an outlier in even the PHP universe for tolerating the idea that it’s “punishment” and “unfair” to be held to a standard with mandatory testing for code that’s admitted to the WordPress.org repo for use on potentially 40% of the web. That’s how a number of developers responded to…

Draft | Hosting | Planet | Post Status Podcasts | Security

Post Status Draft (No. 115) — Craig Hewitt on Castos’ Latest Funding and Expansion of Private Podcasting

ByDavid Bisset July 7, 2021August 14, 2022

Post Status publisher Cory Miller sat down with Castos CEO Craig Hewitt to talk about their pre-seed funding and expansion into the private podcasting market.

Business | Hosting | Security | WordPress News

WooThemes is investigating alleged website vulnerabilities

ByBrian Krogsgard May 9, 2014May 9, 2014

Some WooThemes customers are alleging that their credit cards suffered from fraudulent charges after purchasing items from WooThemes’ website. The point of vulnerability is unknown at this time. The number of affected customers is unknown. The following is what we know: Just after 3:00 p.m. central time Wednesday, May 7th, WooThemes publicly tweeted struggles with their…

Post Status Excerpt (No. 44) — Small Wins with Small Plugins

ByDavid Bisset February 3, 2022June 3, 2022

Collins Agbonghama is the Founder of ProfilePress. He spoke with David about his recent success acquiring a plugin and breaking even in just four months.

Security

WordPress REST API proposed for core inclusion in two stages

ByBrian Krogsgard September 21, 2015September 21, 2015

The much anticipated proposal for core inclusion of the WordPress REST API is here. Ryan McCue — the project lead — has proposed a draft for the inclusion process that recommends a two stage approach. He recommends that stage one would be an “infrastructure” inclusion, to occur in WordPress 4.4; and stage two would be…

Similar Posts

Post Status is proudly supported by great partners