Friday, 10 February 2017

WordPress sites Hacked..!



A critical vulnerability was disclosed last week by the WordPress developers. It came to know that the vulnerability was already exploited and thousands of websites are already hacked. The security firm Sucuri warned about it on Monday.

At the end of last month, WordPress 4.7.2 was released.The developers of the popular Content Management System (CMS) informed that the latest version has patched three vulnerabilities, including cross-site scripting (XSS), SQL injection and access control issues.

Just roughly one week later, the developers admitted that the version 4.7.2 patched yet another flaw, described as the unauthenticated privilege escalation and the content injection vulnerability affecting REST API. This security hole allows a hacker to modify the content of any post or page on the targeted site.

This flaw, identified by the researchers at Sucuri, was already disclosed one week after the release of WordPress 4.7.2 just to give users enough time to patch their latest installations. However, according to Sucuri, many of the WordPress websites still have not updated.


Sucuri has tracked four different defacement campaigns. They started seeing the first attacks leveraging this vulnerability in less than 48 hours after the official disclosure. In one of these campaigns, the attackers replaced the content of more than 60,000 web pages (about 67,000) with their “Hacked by” messages. In the other three operations, two of which are sharing a single IP address, have each targeted nearly 500 pages.


The SecurityWeek has noticed that some of the compromised websites have also been re-defaced by a fifth actor. Fortunately, some of the affected sites have already been cleaned up and updated to WordPress 4.7.2.

“There’s already a few exploit attempts that try to add spam images and content to a post. Due to the monetization possibilities, this will likely be the #1 route to abuse this vulnerability,” explained Daniel Cid, CTO and founder of Sucuri.

The company’s WAF network has seen an increasing number of exploit attempts, reaching nearly 3,000 on Monday.

3 comments:

  1. Hello Everyone !

    USA SSN Leads/Dead Fullz available, along with Driving License/ID Number with good connectivity.

    All SSN's are Tested & Verified.

    **DETAILS IN LEADS/FULLZ**

    ->FULL NAME
    ->SSN
    ->DATE OF BIRTH
    ->DRIVING LICENSE NUMBER
    ->ADDRESS WITH ZIP
    ->PHONE NUMBER, EMAIL
    ->EMPLOYEE DETAILS

    *Price for SSN lead $2
    *You can ask for sample before any deal
    *If you buy in bulk, will give you discount
    *Sampling is just for serious buyers

    ->Hope for the long term business
    ->You can buy for your specific states too

    **Contact 24/7**

    Whatsapp > +923172721122

    Email > leads.sellers1212@gmail.com

    Telegram > @leadsupplier

    ICQ > 752822040

    ReplyDelete
  2. CONTACT: onlineghosthacker247 @gmail. com
    -Find Out If Your Husband/Wife or Boyfriend/Girlfriend Is Cheating On You
    -Let them Help You Hack Any Website Or Database
    -Hack Into Any University Portal; To Change Your Grades Or Upgrade Any Personal Information/Examination Questions
    -Hack Email; Mobile Phones; Whatsapp; Text Messages; Call Logs; Facebook And Other Social Media Accounts
    -And All Related Services
    - let them help you in recovery any lost fund scam from you
    onlineghosthacker Will Get The Job Done For You
    onlineghosthacker247 @gmail. com
    TESTED AND TRUSTED!

    ReplyDelete
  3. This is a very useful blog that you shared with us,
    thank you
    regards
    hire a hacker for Instagram

    ReplyDelete

Thanks for reading this article.
Please comment your reviews..This will help us improve.

Popular Posts