This post was originally published on this site

This is a monthly roundup of all the WordPress core, WordPress plugins and WordPress themes vulnerabilities reported during the month of October 2016. This roundup is made possible through WP Security Bloggers, an aggregate of popular WordPress security blogs and websites that publish WordPress security news and updates.

Recap of WordPress Vulnerabilities in October 2016

October 2016 was a slow month in terms of reported vulnerabilities, though it is not a boring one, mainly because of an Sensitive Information disclosure vulnerability in the WordPress REST API plugin. Basically the attacker can obtain the username, email address, first name, last name, date of registration, and detailed privilege information about every registered user on the target WordPress with a single HTTP request. Such WordPress REST API security issues were the worry of many WordPress users when WordPress were planning of including the REST API in the core.

Well, the vulnerability was fixed, so we have a better WordPress REST API now. Also, it was never included in the WordPress core, so there is not much to worry about. Below is the complete list of all the reported vulnerabilities during October 2016.

WordPress Plugins Vulnerabilities

WordPress Themes Vulnerabilities

The post October 2016 WordPress Core, Plugins & Themes Vulnerabilities Roundup appeared first on WP White Security.

Powered by WPeMatico

Canadian Web Hosting [Ad]

Canadian Web Hosting [Ad]