[SingCERT] Threat Alert: Compromised WordPress Websites due to Outdated WordPress Versions
Published on Wednesday, 08 February 2017 17:16
Background
Over the past 3 days, SingCERT has observed an increase in defacements affecting websites hosted in Singapore, as well as .sg websites hosted both locally and overseas, running WordPress version 4.7.1 and earlier versions. Based on initial investigations by SingCERT, this was the result of exploitation of a WordPress vulnerability.
- WordPress 4.7.1 and earlier
An unauthenticated user can modify the contents of posts or pages of a WordPress site, resulting in defacements, spam or malicious content on the website.
Website owners whose websites are running on WordPress and service providers who offer WordPress to clients are advised to update WordPress to version 4.7.2 as soon as possible.
Owners running a WordPress site should refer to the OWASP WordPress Security Implementation Guideline to secure their website.
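For service providers who need to check many installs against the 4.7.2 threshold above, the following added example (not from SingCERT or the WordPress project) reads `$wp_version` from each `wp-includes/version.php` under a web root and flags installs older than 4.7.2. Flagging pre-release builds of 4.7.2 and unparseable versions as affected is an assumption made here, and the function names are illustrative.

```python
import os
import re
import sys

FIXED = (4, 7, 2)  # first fixed release named in the advisory
# Constructed sample of the relevant part of wp-includes/version.php
SAMPLE = "<?php\n$wp_version = '4.7.1';\n"
# WordPress core assigns its version as: $wp_version = 'x.y.z';
_VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)

def parse_version(text):
    """Return the $wp_version string found in version.php contents, or None."""
    m = _VERSION_RE.search(text)
    return m.group(1) if m else None

def is_affected(version):
    """True if the version string is older than 4.7.2 (or cannot be judged)."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        return True  # assumption: unparseable versions go to manual review
    parts = [int(p) for p in m.group(0).split(".")]
    release = tuple((parts + [0, 0, 0])[:3])  # '4.7' -> (4, 7, 0)
    prerelease = m.group(0) != version  # e.g. '4.7.2-RC1'
    return release < FIXED or (release == FIXED and prerelease)

def scan(root):
    """Return sorted (install_dir, version, affected) for each core under root."""
    results = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) == "wp-includes" and "version.php" in filenames:
            path = os.path.join(dirpath, "version.php")
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = parse_version(fh.read())
            affected = version is None or is_affected(version)
            results.append((os.path.dirname(dirpath), version, affected))
    return sorted(results)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: python script.py /path/to/webroot
        for site, version, affected in scan(sys.argv[1]):
            print("UPDATE" if affected else "ok    ", version, site)
    else:
        v = parse_version(SAMPLE)
        print(v, "affected" if is_affected(v) else "ok")
```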