The recently patched REST API Endpoint vulnerability in WordPress could be leveraged to pull off stored cross-site scripting attacks.

A WordPress plugin was patched Thursday night, close to a week after reports began to surface of public attacks against a zero-day vulnerability. WP Mobile Detector was pulled from the WordPress Plugin Directory once the attacks went public. It was restored last night and users are urged to update to version 3.7 immediately. The plugin...