Roundup of the WordPress Plugins & Themes Vulnerabilities | October 2016
This is a monthly roundup of all the WordPress core, WordPress plugins and WordPress themes vulnerabilities reported during the month of October 2016. This roundup is made possible through WP Security Bloggers, an aggregate of popular WordPress security blogs and websites that publish WordPress security news and updates. Recap of WordPress Vulnerabilities in October 2016
October 2016 was a slow month in terms of reported vulnerabilities, though it is not a boring one, mainly because of an Sensitive Information disclosure vulnerability in the WordPress REST API plugin. Basically the attacker can obtain the username, email address, first name, last name, date of registration, and detailed privilege information about every registered user on the target WordPress with a single HTTP request. Such WordPress REST API security issues were the worry of many WordPress users when WordPress were planning of including the REST API in the core.
Well, the vulnerability was fixed, so we have a better WordPress REST API now. Also, it was never included in the WordPress core, so there is not much to worry about. Below is the complete list of all the reported vulnerabilities during October 2016.
WordPress
Source: https://managewp.org/articles/13731/roundup-of-the-wordpress-plugins-themes-vulnerabilities-october-2016
source https://williechiu40.wordpress.com/2016/11/01/roundup-of-the-wordpress-plugins-themes-vulnerabilities-october-2016/