Thousands of WordPress Sites Hacked
(from February 11)
After secretly patching three security flaws over a week ago, WordPress disclosed information about a vulnerability. WordPress worked closely with security companies to install a patch before announcing the information to ensure that hackers didn’t get a chance to exploit the flaws.
However, not all websites are safe. Most WordPress sites automatically update, but for those admins that disabled the feature, the patch has yet to be installed.
The vulnerability resided in the WordPress REST API, and would allow an unauthenticated attacker to delete or modify pages on an unpatched website, and even redirect visitors to malicious exploits.
Within 48 hours of the disclosure, at least four campaigns were launched, replacing content on over 66,000 web pages.
Site admins are urged to update to the latest WordPress realease, 4.7.2, immediately.
Return To Article
