API Security Weekly: Issue #72

This week, we look at how WordPress was exploited through a third-party plugin and how API security research can sometimes be a thankless endeavor. We also cover the cost of ignoring API security, as showcased by Facebook, and several good JSON Web Token (JWT) talks. And as a cherry on top, there is a patch release of the OpenAPI Specification (OAS).

Vulnerability: WordPress ThemeREX Addons Plugin

WordPress REST APIs were exposed and exploited through the ThemeREX Addons plugin, which is installed on about 44,000 sites.