CMS

Update WordPress to 4.7.2 ASAP! Critical Vulnerability Leading to SEO Poisoning Found

Updated on: March 29, 2020

WordPress vulnerability content injection- Astra Firewall

A critical privilege injection vulnerability has been reported in WordPress 4.70 and 4.71. The vulnerability allows an unauthenticated hacker to modify content of a page/post in WordPress site. The vulnerability was found in the REST API added by WordPress in one of its recent release. As soon as the vulnerability was discovered, WordPress security team worked on the patch and released it under the 4.7.2 update.

Websites Still Vulnerable

Thousands of websites still remain vulnerable. Since the patch & exploit methods are out in the open, hackers are exploiting the vulnerability and defacing the websites.

WordPress Vulnerability leading to Content Injection

The problem is bigger for users who have wordpress update constrains due to custom development done on top. It is anticipated that this is only the start of mass defacement campaigns by hackers. Here are a few consequences of this vulnerability:

  • Spam SEO: Since anyone can input arbitrary code in the post/page sections, a lot of spam seo links are being injected in the websites.
  • Google Blacklisting: It is already been seen that google has been giving ‘This Site may be Hacked’ message under the website URL on search queries. Is not cleaned, such websites could be completely blacklisted by google.
    WordPress Content Injection_AstraSecurity
  • Targeted Attacks: Hackers can perform more targeted attacks to steal session data of administrators/website users.

Around 70,000 websites are estimated to be exploited by hackers till now. This number is only increasing passing every day as more and more hacker communities get to know about the magnitude of large chunk of websites still vulnerable.

Astra Security team is on top of this. We will keep on updating this as and when new findings happen. Astra Firewall users are safe from this vulnerability. You can start using Astra for your WordPress website now: https://www.getastra.com/wordpress-security 

Was this post helpful?

Astra Team

We are on a mission to make web a more secure place, one website at a time!
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

6 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Ernesto
Ernesto
3 years ago

Hey! Do you know if they make any plugins to safeguard
against hackers? I’m kinda paranoid about losing everything I’ve worked hard on. Any suggestions?

Joy
3 years ago
Reply to  Ernesto

Sure they do. There are a number of plugins available to ensure security for WordPress. Our plugin Astra Security Suite is one of the most updated & top-notch plugin for WP. You can give it a try, see http://www.getastra.com/wordpress-security

viabestbuy review
viabestbuy review
3 years ago

whoah this blog is magnificent i love reading your posts.
Stay up the great work! You already know, many people are
hunting around for this info, you can aid them greatly.

Lois
Lois
3 years ago

It’s actually a great and useful piece of info. I am happy that you simply shared this helpful information with us. Please keep us up to date like this. Thank you for sharing.

Legit
Legit
3 years ago

Pretty section of content. I just stumbled upon your weblog and
in accession capital to assert that I get actually enjoyed account your blog posts.
Anyway I’ll be subscribing to your feeds and even I achievement you
access consistently rapidly.

corburt erilio
corburt erilio
3 years ago

Wohh just what I was looking for, thanks for posting.

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include firewall, malware scanner and security audits to protect your site from the
evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany