Attackers have found a way to escalate the benign WordPress REST API flaw and use it to gain full access to a victim's server by installing a hidden backdoor.

The recently patched REST API Endpoint vulnerability in WordPress could be leveraged to pull off stored cross-site scripting attacks.

The REST API allows plugins, themes and other applications to manipulate WordPress content and create interactive functionalities. This technology extends what the WordPress core can do.

Now we get a better sense of Krogsgard's excitement over WordPress' new direction and the range of projects he predicts WordPress will be used to support. "The REST API makes WordPress more ...

Attacks on WordPress sites using a vulnerability in the REST API, patched in WordPress version 4.7.2, have intensified over the past two days, as attackers have now defaced over 1.5 million pages ...

While it can be argued that WordPress’ REST API qualifies it as a headless CMS, the opposing argument holds that a truly headless CMS must do more than simply provide an API.

A fifth of the Internet may soon have a vastly easier way to build new functions if the REST API under development becomes part of Wordpress’s core code.

WordPress Update 5.8.1 addresses three security issues in REST API, Gutenberg editor and Lodash JavaScript library. Recommends updating now ...

The REST API is enabled by default on all sites using WordPress 4.7.0 or 4.7.1. If you are running these versions of the CMS, you are vulnerable to this attack. However, if you have automatic ...

According to the WordPress security firm, the plugin works by setting up a WordPress REST-API endpoint but does not check that commands sent to this REST API are coming from authorized users (i.e ...