WordPress version 4.7.2 was released primarily to correct three security flaws, including an SQL injection flaw and an XSS (cross-site scripting) flaw. Administrators who have yet to update WordPress to the new version put their websites at high risk of being hacked.
This high risk comes from a vulnerability in the REST API in WordPress 4.7. The bug is critical: by exploiting it, an attacker can inject code into a post without having the required permissions. Simply put, it is an open door to everything. The vulnerability was promptly fixed in the latest 4.7.2 update.
Sucuri was the first to raise the alert after detecting nearly 150,000 hacked websites during its latest monitoring. A large-scale, automated SQL injection (SQLi) campaign was detected, and at least four cybercriminals are now managing to exploit the vulnerability. Just type “by w4l3XzY3” into Google search to see how many indexed websites have already been exploited.
The hackers also seem to be claiming credit through simple vandalism, leaving their signature to let the world know who carried out the attack (thriving on the publicity). The following three campaigns have been detected by security experts, using the following signatures:
In addition, IP addresses used by hacker group w4l3XzY3:
- 2a00:1a48:7808:104:9b57:dda6:eb3c:61e1
As for the other three attacks, launched by Cyb3r-Shia, By+NeT.Defacer and By+Hawleri_hacker, the IP addresses identified are as follows:
“WordPress has an automatic update feature enabled by default, along with a one-click manual update procedure. Despite this, many people are not aware of this problem that affects the REST API or are not able to update their site. This leads to a large number of compromised and altered sites.”
If you were using WordPress 4.7 and have not updated to WordPress 4.7.2, we strongly advise you to do so without delay.
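After updating, a site owner can check whether the site was already touched. The following is an added example, not code from the article or from Sucuri: it scans web-server access logs for the source address listed above and for successful writes to the posts REST route, and scans post text for the defacement signatures. The route `/wp/v2/posts`, the combined log format, and the sample log lines and posts are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Indicators from the article; signatures are lowercase substrings of the names it lists.
IOC_IPS = {ipaddress.ip_address("2a00:1a48:7808:104:9b57:dda6:eb3c:61e1")}
SIGNATURES = ("w4l3xzy3", "cyb3r-shia", "net.defacer", "hawleri_hack")
# Default WordPress REST route for posts (an assumption; the article does not name it).
POSTS_ROUTE = "/wp/v2/posts"
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def scan_access_log(lines):
    """Return (line_number, reason) for requests worth reviewing."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        src, method, target, status = m.groups()
        try:
            if ipaddress.ip_address(src) in IOC_IPS:
                findings.append((n, "source address listed in the article"))
        except ValueError:
            pass  # client field is a hostname or malformed
        if method in WRITE_METHODS and status[0] == "2" and POSTS_ROUTE in unquote(target).lower():
            findings.append((n, "successful write to the posts REST route"))
    return findings

def scan_posts(posts):
    """Return ids of posts whose title or body carries a defacement signature."""
    hits = []
    for post_id, (title, body) in posts.items():
        text = f"{title}\n{body}".lower()
        if any(sig in text for sig in SIGNATURES):
            hits.append(post_id)
    return sorted(hits)

# Constructed sample data (not real traffic or real posts).
SAMPLE_LOG = [
    '203.0.113.9 - - [07/Feb/2017:10:01:02 +0000] "GET /wp-json/wp/v2/posts/12 HTTP/1.1" 200 812',
    '2A00:1A48:7808:104:9B57:DDA6:EB3C:61E1 - - [07/Feb/2017:10:01:05 +0000] "POST /wp-json/wp/v2/posts/12 HTTP/1.1" 200 640',
    '198.51.100.4 - - [07/Feb/2017:10:02:11 +0000] "POST /index.php?rest_route=%2Fwp%2Fv2%2Fposts%2F7 HTTP/1.1" 200 655',
    '198.51.100.4 - - [07/Feb/2017:10:02:15 +0000] "POST /wp-json/wp/v2/posts/7 HTTP/1.1" 401 120',
]
SAMPLE_POSTS = {7: ("Hacked By w4l3XzY3", "constructed body"), 12: ("Spring menu", "Our new dishes")}

if __name__ == "__main__":
    print(scan_access_log(SAMPLE_LOG), scan_posts(SAMPLE_POSTS))
```

Legitimate authenticated clients also write through this route, so a flagged write is a prompt to compare the post's revision history against its expected content, not proof of compromise.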