WordPress websites running on versions 4.7.0 and 4.7.1 are under siege


Are you still running your website or blog on WordPress version 4.7.0 or 4.7.1? Then your website or blog is under massive threat. This ArsTechnica update says that more than 2 million WordPress webpages and blog posts have been defaced using the vulnerabilities that exist in WordPress versions 4.7.0 and 4.7.1. So if you're still using these versions, upgrade to 4.7.2 as early as possible. In fact, right now.

Some web hosts upgrade WordPress to the latest version automatically, but if you host your WordPress installation yourself, you may have to upgrade it manually. When you log into your dashboard, you will see a message saying that you need to upgrade WordPress to version 4.7.2. Do it fast.
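If you host several installations yourself, a quick inventory shows which ones still need the manual upgrade. The script below is an added example, not code from the original post or from WordPress: it reads `$wp_version` from each `wp-includes/version.php` (WordPress's own file and variable) and flags 4.7.0 and 4.7.1, treating the string `4.7` as 4.7.0 because that is how the first release of a branch is recorded. The function names and the `blog-a`/`blog-b`/`blog-c` directories are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# Versions the article names as affected; 4.7.2 carries the fix.
AFFECTED = {"4.7.0", "4.7.1"}
# WordPress records its release in wp-includes/version.php as: $wp_version = '4.7.1';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.MULTILINE)


def normalize(version):
    """Pad 'X.Y' to 'X.Y.0' so that '4.7' is compared as 4.7.0."""
    parts = version.split(".")
    if len(parts) == 2 and all(p.isdigit() for p in parts):
        parts.append("0")
    return ".".join(parts)


def read_version(version_php):
    """Return the normalized $wp_version from a version.php file, or None."""
    text = version_php.read_text(encoding="utf-8", errors="replace")
    match = VERSION_RE.search(text)
    return normalize(match.group(1)) if match else None


def audit(root):
    """Map each WordPress install directory under root to (version, needs_upgrade)."""
    results = {}
    for version_php in Path(root).glob("**/wp-includes/version.php"):
        version = read_version(version_php)
        results[str(version_php.parent.parent)] = (version, version in AFFECTED)
    return results


def build_sample_tree(root):
    """Create constructed sample installs (not real sites) for the demo."""
    samples = {"blog-a": "4.7", "blog-b": "4.7.1", "blog-c": "4.7.2"}
    for name, version in samples.items():
        inc = Path(root) / name / "wp-includes"
        inc.mkdir(parents=True)
        (inc / "version.php").write_text(f"<?php\n$wp_version = '{version}';\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for install, (version, affected) in sorted(audit(build_sample_tree(tmp)).items()):
            print(f"{install}: {version} -> {'UPGRADE to 4.7.2' if affected else 'not 4.7.0/4.7.1'}")
```

To check real sites, call `audit()` on the directory that holds your installations instead of the temporary sample tree.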

The vulnerability is in the REST API and has been patched in WordPress version 4.7.2. 39,000 unique domains have been affected. Security firm Sucuri has reported that 4 hacking groups are active and defacing websites.


Using the vulnerability in the REST API, attackers can make simple HTTP requests that allow them to bypass the authentication system and then easily alter the title and the content of WordPress pages.

About Amrit Hallan
Amrit Hallan is the founder of TechBakBak.com. He writes about technology not because "he loves to write about technology", he actually believes that it makes the world a better place. On Twitter you can follow him at @amrithallan
