A critical privilege injection vulnerability has been reported in WordPress 4.70 and 4.71. The vulnerability allows an unauthenticated hacker to modify content of a page/post in WordPress site. The vulnerability was found in the REST API added by WordPress in one of its recent release. As soon as the vulnerability was discovered, WordPress security team worked on the patch and released it under the 4.7.2 update.
WordPress vulnerability content injection- Astra Firewall

Websites Still Vulnerable

Thousands of websites still remain vulnerable. Since the patch & exploit methods are out in the open, hackers are exploiting the vulnerability and defacing the websites.

WordPress Vulnerability leading to Content Injection

The problem is bigger for users who have wordpress update constrains due to custom development done on top. It is anticipated that this is only the start of mass defacement campaigns by hackers. Here are a few consequences of this vulnerability:

  • Spam SEO: Since anyone can input arbitrary code in the post/page sections, a lot of spam seo links are being injected in the websites.
  • Google Blacklisting: It is already been seen that google has been giving ‘This Site may be Hacked’ message under the website URL on search queries. Is not cleaned, such websites could be completely blacklisted by google.
    WordPress Content Injection_AstraSecurity
  • Targeted Attacks: Hackers can perform more targeted attacks to steal session data of administrators/website users.

Around 70,000 websites are estimated to be exploited by hackers till now. This number is only increasing passing every day as more and more hacker communities get to know about the magnitude of large chunk of websites still vulnerable.

Astra Security team is on top of this. We will keep on updating this as and when new findings happen. Astra Firewall users are safe from this vulnerability. You can start using Astra for your WordPress website now: https://www.getastra.com/wordpress-security 

Waiting to Get Hacked?

Get security tips & latest vulnerability fixes right in your inbox:

About The Author

Astra Team

We are on a mission to make web a more secure place, one website at a time!

6 Comments

  1. Hey! Do you know if they make any plugins to safeguard
    against hackers? I’m kinda paranoid about losing everything I’ve worked hard on. Any suggestions?

  2. whoah this blog is magnificent i love reading your posts.
    Stay up the great work! You already know, many people are
    hunting around for this info, you can aid them greatly.

  3. It’s actually a great and useful piece of info. I am happy that you simply shared this helpful information with us. Please keep us up to date like this. Thank you for sharing.

  4. Pretty section of content. I just stumbled upon your weblog and
    in accession capital to assert that I get actually enjoyed account your blog posts.
    Anyway I’ll be subscribing to your feeds and even I achievement you
    access consistently rapidly.

  5. Wohh just what I was looking for, thanks for posting.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Close