7 February 2017

WordPress vulnerability in REST API is being actively exploited


Attacks against unpatched WordPress websites are being seen in the wild.

Website owners started to complain about website hacks just hours after WordPress publicly disclosed a content injection vulnerability in the REST API (described in security advisory SB2017012702 #4). The vulnerability in question was silently patched in version 4.7.2 and disclosed a couple of days after the rest of the vulnerabilities in the security advisory.

Many people criticized WordPress for withholding information about the patch, as it raised some privacy concerns. As we can see, however, it was the correct decision: many people were able to patch their WordPress instances before the actual outbreak started.

We are currently seeing automated attacks exploiting the vulnerability in the REST API. The requests to the website look as follows:

1)      The attackers send a request to the URL:

http://[host]/index.php/wp-json/wp/v2/posts/

2)      Obtain the latest post identifier

3)      Send a request to the obtained post identifier and inject the following contents:

Hacked By <supposedly the hacker's nickname>

e.g.:

Hacked By BALA SNIPER

or

Hacked By MuhmadEmad

Evidence of hacked websites in the .cz domain according to Google:

Hacked By BALA SNIPER: 1700
Hacked By MuhmadEmad: 1170

If you are seeing this page on your website, your website has been compromised. According to Sucuri, this vulnerability can be used to execute arbitrary PHP code if combined with the functionality of third-party WordPress plugins. We urge WordPress website owners to install the latest version, WordPress 4.7.2, ASAP.
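
Site owners can check their web server access logs for the request sequence described above: a listing of posts followed by a write request to a single post from the same client. The following Python script is an added example, not code from the original article; it assumes combined-format access logs, and the sample log lines and IP addresses are constructed.

```python
import re
from collections import defaultdict

# Assumption: Apache/nginx "combined" access log format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# Posts collection and single-post routes, with or without the /index.php prefix.
ROUTE_RE = re.compile(r'^(?:/index\.php)?/wp-json/wp/v2/posts(?:/(\d+))?/?(?:\?.*)?$')
WRITE_METHODS = {"POST", "PUT", "PATCH"}  # methods the REST API accepts for updates

def find_suspect_clients(lines):
    """Map each client that listed posts and then sent a write request to a
    single post onto its write requests: (timestamp, method, path, status)."""
    listed = set()
    writes = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        client, ts, method, path, status = m.groups()
        route = ROUTE_RE.match(path)
        if not route:
            continue  # unrelated URL
        post_id = route.group(1)
        if method == "GET" and post_id is None:
            listed.add(client)  # steps 1 and 2: listing posts to learn an identifier
        elif method in WRITE_METHODS and post_id and client in listed:
            writes[client].append((ts, method, path, int(status)))  # step 3
    return dict(writes)

# Constructed sample lines (documentation IP ranges), not taken from a real site.
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Feb/2017:10:00:01 +0000] "GET /index.php/wp-json/wp/v2/posts/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [07/Feb/2017:10:00:02 +0000] "POST /index.php/wp-json/wp/v2/posts/42 HTTP/1.1" 200 880',
    '198.51.100.9 - - [07/Feb/2017:10:05:00 +0000] "GET /wp-json/wp/v2/posts/42 HTTP/1.1" 200 900',
    '198.51.100.9 - - [07/Feb/2017:10:05:03 +0000] "GET /index.php HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for client, reqs in find_suspect_clients(SAMPLE_LOG).items():
        for ts, method, path, status in reqs:
            print(f"{client} {ts} {method} {path} -> {status}")
```

A flagged write request that returned a 2xx status on a site running a version older than 4.7.2 means the affected post should be reviewed for the injected "Hacked By" text. Legitimate editors using the REST API produce the same pattern, so compare flagged clients against known administrator addresses.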

 
