Attackers have found a way to escalate the benign WordPress REST API flaw and use it to gain full access to a victim’s server by installing a hidden backdoor.
On January 26, the WordPress team released WordPress 4.7.2, whoch contained a secret fix that addressed a vulnerability in the WordPress REST API.
Discovered by Sucuri, this flaw affected WordPress 4.7.0 and 4.7.1 and allowed an attacker to craft malicious HTTP requests that when sent to a WordPress site would allow the hacker to bypass authentication methods and alter the title and content of blog posts and static pages.
Over 2 million pages defaces via WordPress REST API flaw
Because the WordPress team feared attackers would exploit this flaw right away, they didn’t include details about the bug in the original announcement and only revealed its presence after a week, after a substantial number of users had updated their blogs.
Gratis är gott: Hantera dina e-böcker med Calibre
Calibre är ett program för att lösa, hantera och organisera dina e-böcker. Calibre is a complete e-book library manager....
0 kommentarer