A vulnerability has been discovered in wordpress exposing user data for all users who had authored a post of a public post type via the REST API. wordpress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API.
A vulnerability has been discovered in wordpress exposing user data for all users who had authored a post of a public post type via the REST API. wordpress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API.
https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60