WordPress: A million sites defaced in attacker ‘feeding frenzy’
14 February 2017
More than a million WordPress websites have been defaced following the discovery of a privilege escalation vulnerability in the popular content management system (CMS).
Site administrators have been advised to update their software to version 4.7.2, which patches the REST API endpoint flaw, as soon as possible.
The vulnerability allows attackers to change content on WordPress websites. The fix was released on January 26th, but WordPress did not announce it until February 1st in the hope that the CMS’s auto-update feature would patch sites before the flaw went public.
WordPress is a popular target for attackers due to its widespread use online, and not all websites were immediately updated. Security experts from Wordfence said they saw a huge uptick in attacks exploiting the flaw after its announcement.
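Two checks an administrator could run in response to the advisory above, as an added example that is not part of the article and not code from WordPress or Wordfence: a version check that reads the `$wp_version` declared in `wp-includes/version.php` and compares it with the patched release named above (4.7.2), and a scan of web-server access-log lines for successful write requests (POST/PUT/PATCH/DELETE) to the REST API posts endpoint (`/wp-json/wp/v2/posts/...`), the kind of content-changing request the flaw allowed, grouped by source address so bursts stand out. The common log format, the sample log lines and the addresses in them are constructed for this example.

```python
"""Added defensive example: WordPress version check and access-log review
for content-changing REST API requests (not from the article, WordPress
or Wordfence)."""
import re
from collections import Counter

# Patched release named in the article.
FIXED_VERSION = (4, 7, 2)


def parse_version(version_string):
    """Turn '4.7.1', '4.7' or '4.7.2-alpha' into a comparable 3-tuple of ints."""
    nums = []
    for part in version_string.strip().split("."):
        m = re.match(r"\d+", part)
        if not m:
            break
        nums.append(int(m.group()))
    while len(nums) < 3:  # '4.7' compares as (4, 7, 0)
        nums.append(0)
    return tuple(nums[:3])


# Matches the assignment in wp-includes/version.php, e.g. $wp_version = '4.7.1';
VERSION_PHP_RE = re.compile(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]")


def version_from_php(version_php_text):
    """Extract the declared WordPress version string, or None if absent."""
    m = VERSION_PHP_RE.search(version_php_text)
    return m.group(1) if m else None


def is_patched(version_php_text):
    """True if the declared version is at least the fixed release, False if older,
    None if no version could be read."""
    v = version_from_php(version_php_text)
    if v is None:
        return None
    return parse_version(v) >= FIXED_VERSION


# Assumed common log format: ip ident user [timestamp] "METHOD path PROTO" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# REST API posts endpoint (collection or a single post id, with or without a query string).
REST_POSTS_RE = re.compile(r"^/wp-json/wp/v2/posts(/|\?|$)")
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def suspicious_rest_writes(log_lines):
    """Count, per source address, write requests to the posts endpoint that the
    server answered with a 2xx status (i.e. content was actually changed)."""
    hits = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, path, status = m.groups()
        if method in WRITE_METHODS and REST_POSTS_RE.match(path) and status.startswith("2"):
            hits[ip] += 1
    return hits


# Constructed sample inputs (documentation address ranges, invented timestamps).
SAMPLE_VERSION_PHP = "<?php\n$wp_version = '4.7.1';\n"
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Feb/2017:03:12:01 +0000] "POST /wp-json/wp/v2/posts/12 HTTP/1.1" 200 812',
    '203.0.113.7 - - [10/Feb/2017:03:12:03 +0000] "POST /wp-json/wp/v2/posts/13 HTTP/1.1" 200 790',
    '203.0.113.7 - - [10/Feb/2017:03:12:05 +0000] "POST /wp-login.php HTTP/1.1" 200 1500',
    '198.51.100.4 - - [10/Feb/2017:03:15:44 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 5120',
    '198.51.100.4 - - [10/Feb/2017:03:16:02 +0000] "POST /wp-json/wp/v2/posts/12 HTTP/1.1" 401 94',
]

if __name__ == "__main__":
    print("patched:", is_patched(SAMPLE_VERSION_PHP))
    for ip, n in suspicious_rest_writes(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} successful write(s) to the posts endpoint")
```

The version check answers whether the site still needs the update; the log scan is for sites that were exposed before updating, where successful write requests to the posts endpoint from an unfamiliar address are a lead for which posts to inspect for defacement. Both pieces use only the page's own facts (the endpoint family and the fixed version); the log format and thresholds are assumptions to adapt to the real server.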
“This vulnerability has resulted in a kind of feeding frenzy where attackers are competing with each other to deface vulnerable WordPress websites,” wrote CEO Mark Maunder in a blog post.
“During the past 48 hours we have seen over 800,000 attacks exploiting this specific vulnerability across the WordPress sites we monitor.”
He said his firm’s researchers have identified 20 different defacement campaigns, in which hackers are modifying their victims’ sites to leave “their own signature”. The most widespread campaigns have attacked more than 12,000 unique sites each.
Maunder said that in some cases hackers appear to be competing to deface certain websites, which are marked with one attacker’s name before it is replaced by another’s.
“This is one of the worst WordPress-related vulnerabilities to emerge in some time,” he wrote. “Our site cleaners have been working with site owners all week to help them clean defaced sites.”
WordPress site administrators should update their websites to the CMS’s latest version as soon as possible to avoid falling victim to this kind of attack.