A critical vulnerability was disclosed last week by the WordPress developers.
It has since emerged that the vulnerability has already been exploited and that thousands of websites have been hacked. The
security firm Sucuri warned about it on Monday.
At the end of last month, WordPress 4.7.2 was released. The
developers of the popular Content Management System (CMS) said that
the latest version patched three vulnerabilities, including
cross-site scripting (XSS), SQL injection and access control issues.
Roughly one week later, the developers admitted that version
4.7.2 also patched another flaw, described as an unauthenticated
privilege escalation and content injection vulnerability affecting the
REST API. This security hole allows a hacker to modify the content of
any post or page on the targeted site.
This flaw, identified by researchers at Sucuri, was disclosed
one week after the release of WordPress 4.7.2 to give users enough
time to patch their installations. However, according to Sucuri,
many WordPress websites still have not been updated.
Sucuri has tracked four different defacement campaigns. The company started
seeing the first attacks leveraging this vulnerability less than 48
hours after the official disclosure. In one of these campaigns, the attackers replaced the content of more
than 60,000 web pages (about 67,000) with their “Hacked by” messages. The other
three operations, two of which share a single IP address, have
each targeted nearly 500 pages.
SecurityWeek has
noticed that some of the compromised websites have also been re-defaced
by a fifth actor. Fortunately, some of the affected sites have already
been cleaned up and updated to WordPress 4.7.2.
“There’s already a few exploit attempts that try to add spam images and content to a post. Due to the monetization possibilities, this will likely be the #1 route to abuse this vulnerability,” explained Daniel Cid, CTO and founder of Sucuri.
The company’s WAF network has seen an increasing number of exploit attempts, reaching nearly 3,000 on Monday.