Massive attack on WordPress sites

Attacks on WordPress sites which contain the REST API flaw have increased significantly, with 1.5 million pages defaced.

The WordPress REST API vulnerability allows a remote attacker to send a crafted HTTP request to a REST API endpoint and alter titles and content on the user’s website.

Exploiting the flaw is trivial and, according to Sucuri, a few public exploits have been published online since last week.

“Even if the vulnerability affects only WordPress 4.7.0 and 4.7.1 and the CMS has a built-in auto-update feature for security issues, many websites haven’t been updated,” said Sucuri.

Web security firm WordFence said the latest number of compromised pages stands at 1.5 million – with 20 hacking groups involved in a defacement turf war.

To protect a WordPress site against the attacks, update it to the most recent version (v4.7.2).
