Now we get a better sense of Krogsgard's excitement over WordPress' new direction and the range of projects he predicts WordPress will be used to support. "The REST API makes WordPress more ...

Attackers have found a way to escalate the benign WordPress REST API flaw and use it to gain full access to a victim's server by installing a hidden backdoor.

The REST API is enabled by default on all sites using WordPress 4.7.0 or 4.7.1. If you are running these versions of the CMS, you are vulnerable to this attack. However, if you have automatic ...

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.

The recently patched REST API Endpoint vulnerability in WordPress could be leveraged to pull off stored cross-site scripting attacks.