WP REST API 1.2.3 Patches XSS Vulnerability

WP REST API version 1.2.3 and 2.0 Beta 4 address a security issue that affects sites running 1.2 or 2.0 beta. This release fixes a potential XSS vulnerability related to JSONP support in 1.2 and 2.0 of the API. Automatic updates are in progress for 1.2.3 but if your site hasn’t automatically updated, the team suggests updating manually as soon as possible.

In addition to the security release, 2.0 Beta 4 includes a number of enhancements, some of which break backwards compatibility. Developers and beta testers should read the detailed changelog and release notes.

Would you like to write for WP Tavern? We are always accepting guest posts from the community and are looking for new contributors. Get in touch with us and let's discuss your ideas.


  1. Done and upgraded!

    I’m working on a plugin which will allow third-party plugins or users to pull information based on WordPress native API. Hopefully, this API will become part of the core in one of the future major versions.


  2. Ciprian, cool that is interesting. could you keep us up to date as may fit in well with our platform to pull data from WP rest API into a number of platforms like erp,pos etc. Keep us up to date as we are always keen to learn about the rest data capabilities of WP. Especially as there are so many WP drop shippers out there that may need the API to pull data from origins


Comments are closed.