WordPress Security Vulnerability Leads To 1.5 Million Web Pages Being Defaced

Cyber attacks on WordPress sites that exploit a vulnerability in the REST application programing interface (API) have intensified leading to 1.5 million pages being defaced across 39,000 unique domains.

The flaw has been patched in the 4.7.2 version of WordPress, according to the Beeping Commuter, but despite this the exploit has been tapped into by 20 malicious hacker groups engaging in a web page defacement turf war.

Defacement debacle

Researchers from Securi Security first discovered the flaw in the widely-used content management system, which the WordPress team kept secret for a week due to the high-risk of the flaw. They later revealed that security hole with the release of WordPress 4.7.2.

But given the speed at which hackers can move to exploit security flaws, they rapidly found that they could attack unpatched WordPress sites through crafting simple HTTP requests that allow them to bypass authentication systems on WordPress sites and then edit the content ant titles of web pages using the versions 4.7.0 and 4.7.1 of WordPress.

As such, there has been a sharp increase in attacks and WordPress site defacement, presumably due to hacker groups competing with each other for bragging rights, as well as defacing sites already attacked by one group.

However, Daniel Cid, founder of Sucuri Security warned that that defacements are just the beginning to the activates of hackers exploiting unpatched WordPress sites.

“Defacements don’t offer economic returns, so that will likely die soon. What will remain are attempts to execute commands (RCE) as it gives the attackers full control of a site – and offers multiple ways to monetize – and SPAM SEO / affiliate link / ad injections,” he explained.

“We are starting to see them being attempted on a few sites, and that will likely be the direction this vulnerability will be misused in the coming days, weeks and possibly months.”

While security issues are not uncommon in WordPress sites, the website company is attempting to make the sites of its user more secure by offering custom domains free upgrade to the HTTPS web protocol.

Earlier this week it emerged security firm Trend Micro had fallen victim to a content spoofing vulnerability on its customer-facing blog.

Are you a security expert? Try our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

BNP Paribas Joins JP Morgan Blockchain Trading Network

French bank BNP Paribas becomes first European bank to join JP Morgan's blockchain-based Onyx Digital…

14 hours ago

SEC Held Off Elon Musk Enforcement ‘Due To Court Fears’

US securities regulators may have refrained from enforcement actions against Elon Musk due to discouraging…

15 hours ago

Snap Earnings Warning Triggers Tech Sell-Off

Investors spooked after Snap warns of deteriorating economic conditions, says earnings now 'below the low…

16 hours ago

Russian Operator Discounts Smartphones As Sanctions Bite

Biggest Russian mobile operator MTS begins selling discounted and second-hand smartphones as Russians hit by…

17 hours ago

Clearview AI Fined £7.5m Over Facial Recognition Data

UK Information Commissioner's Office orders controversial facial recognition firm Clearview AI to delete data it…

18 hours ago

Airbnb To Pull Out Of China Amidst ‘Pandemic Challenges’

Airbnb to pull out of China as ongoing zero-Covid policy places severe restrictions on domestic…

19 hours ago