Скачать или смотреть Fix user disclosure on REST API in WordPress

Have you had a Pen test and found user information is disclosed on the REST API?

In this video I show you how we can fix this issue for your WordPress setup.

We have two methods,

The GIST code snippet methods found here: https://gist.github.com/mrkdevelopmen...

A full plugin method here: https://github.com/MRKWP/mrkwp-rest-p...

This exploit was documented as https://www.cvedetails.com/cve/CVE-20...

It is currently considered fixed inside WordPress 4.7 or greater. Depending on your Audit, you will see the disclosure issue in your security audit all the way up to WordPress 6.5 or greater.

The user api is still readable, it just has much less information in it that originally set up in the REST API.

The solution in this video is to 401 / 403 the end point for REST API when you are not logged in with an Administrative level (Post Editing) level in the WordPress website.

You can visit my blog for more on WordPress security: https://www.mrkwp.com/tag/wordpress-s...

=================================

My Favourite WordPress tools:

Kadence Theme
https://bit.ly/42M9u74

Kadence Blocks Pro
https://bit.ly/42INdXI

Kadence Pricing
https://bit.ly/49oWvdZ

The Event Calendar
https://bit.ly/3UKQio3

Blocksy Theme
https://bit.ly/32UQSHx

WP Stackable Blocks
https://bit.ly/3eY2VGh

Astra Theme
https://bit.ly/3eXzIeM

WP Rocket
https://bit.ly/3pXODf3

Gravity forms
https://bit.ly/3sZlimF

My Favourite WordPress hosts:

Spinup WP ( get $50 on signup ):
https://bit.ly/48ERe0B

WP Engine
https://bit.ly/3eTQR9d

Cloudways
https://bit.ly/48skhFV

Please note these are affiliate links and I get a small kick back from these websites if you make a purchase. We do not do sponsored content and my thoughts are my own. By purchasing with these links you are supporting my channel to create more helpful content.