A critical privilege injection vulnerability has been reported in WordPress 4.70 and 4.71. The vulnerability allows an unauthenticated hacker to modify content of a page/post in WordPress site. The vulnerability was found in the REST API added by WordPress in one of its recent release. As soon as the vulnerability was discovered, WordPress security team worked on the patch and released it under the 4.7.2 update.
Websites Still Vulnerable
Thousands of websites still remain vulnerable. Since the patch & exploit methods are out in the open, hackers are exploiting the vulnerability and defacing the websites.
The problem is bigger for users who have wordpress update constrains due to custom development done on top. It is anticipated that this is only the start of mass defacement campaigns by hackers. Here are a few consequences of this vulnerability:
- Spam SEO: Since anyone can input arbitrary code in the post/page sections, a lot of spam seo links are being injected in the websites.
- Google Blacklisting: It is already been seen that google has been giving ‘This Site may be Hacked’ message under the website URL on search queries. Is not cleaned, such websites could be completely blacklisted by google.
- Targeted Attacks: Hackers can perform more targeted attacks to steal session data of administrators/website users.
Around 70,000 websites are estimated to be exploited by hackers till now. This number is only increasing passing every day as more and more hacker communities get to know about the magnitude of large chunk of websites still vulnerable.
Astra Security team is on top of this. We will keep on updating this as and when new findings happen. Astra Firewall users are safe from this vulnerability. You can start using Astra for your WordPress website now: https://www.getastra.com/wordpress-security
Hey! Do you know if they make any plugins to safeguard
against hackers? I’m kinda paranoid about losing everything I’ve worked hard on. Any suggestions?
Sure they do. There are a number of plugins available to ensure security for WordPress. Our plugin Astra Security Suite is one of the most updated & top-notch plugin for WP. You can give it a try, see http://www.getastra.com/wordpress-security
whoah this blog is magnificent i love reading your posts.
Stay up the great work! You already know, many people are
hunting around for this info, you can aid them greatly.
It’s actually a great and useful piece of info. I am happy that you simply shared this helpful information with us. Please keep us up to date like this. Thank you for sharing.
Pretty section of content. I just stumbled upon your weblog and
in accession capital to assert that I get actually enjoyed account your blog posts.
Anyway I’ll be subscribing to your feeds and even I achievement you
access consistently rapidly.
Wohh just what I was looking for, thanks for posting.