[SingCERT] Threat Alert: Compromised WordPress Websites due to Outdated WordPress Versions

Published on Wednesday, 08 February 2017 17:16

Background
Over the past three days, SingCERT has observed an increase in defacements affecting websites hosted in Singapore, as well as .sg websites hosted both locally and overseas, that run WordPress version 4.7.1 and earlier. Based on initial investigations by SingCERT, the defacements result from exploitation of a WordPress vulnerability in the REST API (content injection; see references).

Affected Software
  • WordPress 4.7.1 and earlier. The REST API content injection issue fixed in 4.7.2 is present in 4.7 and 4.7.1, the releases that ship the affected endpoint in core; sites on releases before 4.7 are also out of date and should be upgraded.

Impact
An unauthenticated user can modify the content of any post or page on a vulnerable WordPress site through the REST API, resulting in defacements, spam or malicious content on the website.

Solution
Website owners whose websites run on WordPress, and service providers who offer WordPress to clients, are advised to update WordPress to version 4.7.2 as soon as possible. Sites with automatic background updates enabled should already have received 4.7.2; verify the installed version rather than assuming the update was applied, and review recent posts and pages for unauthorised changes.
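The following script is an added example, not part of the SingCERT advisory or of WordPress itself. It covers the two checks a site operator would want after reading the Impact and Solution sections: whether a site still reports a version older than 4.7.2, and whether web server logs contain write requests matching the REST API abuse pattern described in the Sucuri write-up listed in the references (a non-numeric `id` query parameter overriding the numeric post id in the route). The HTML snippet and the log lines are constructed samples, and the version is read from the generator meta tag, which hardened sites may have removed.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Constructed sample of a WordPress front page <head>; not captured from a real site.
# Default themes emit this generator tag, so it is a cheap first check.
SAMPLE_HTML = '<html><head><meta name="generator" content="WordPress 4.7.1" /></head></html>'

FIXED_VERSION = (4, 7, 2)  # first release carrying the fix (see references)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '4.7' or '4.7.1' into a padded tuple so comparison is numeric, not lexical."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))


def wordpress_version_from_html(html: str) -> Optional[str]:
    """Read the version from the generator meta tag, or None if the tag is absent."""
    m = re.search(r'<meta\s+name="generator"\s+content="WordPress\s+([\d.]+)"', html, re.I)
    return m.group(1) if m else None


def needs_update(version: str) -> bool:
    """True when the reported version is older than 4.7.2."""
    return parse_version(version) < FIXED_VERSION


# Constructed access-log lines in combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Feb/2017:10:01:02 +0800] "POST /wp-json/wp/v2/posts/42?id=42abc HTTP/1.1" 200 1532 "-" "python-requests/2.12.4"
203.0.113.5 - - [06/Feb/2017:10:01:09 +0800] "POST /index.php?rest_route=/wp/v2/posts/42&id=42x HTTP/1.1" 200 1532 "-" "python-requests/2.12.4"
198.51.100.7 - - [06/Feb/2017:10:05:00 +0800] "GET /wp-json/wp/v2/posts/42 HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
198.51.100.8 - - [06/Feb/2017:10:06:00 +0800] "POST /wp-json/wp/v2/posts/42 HTTP/1.1" 401 120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Pretty-permalink form and the ?rest_route= form both reach the same endpoint.
POSTS_ROUTE_RE = re.compile(r'^/?wp-json/wp/v2/posts/(?P<id>\d+)/?$')
REST_ROUTE_RE = re.compile(r'^/wp/v2/posts/(?P<id>\d+)/?$')


def posts_route_id(target: str) -> Optional[Tuple[str, dict]]:
    """Return (route id, query params) when the request addresses a single post."""
    parts = urlsplit(target)
    query = parse_qs(parts.query)
    m = POSTS_ROUTE_RE.match(parts.path)
    if m:
        return m.group("id"), query
    for route in query.get("rest_route", []):
        m = REST_ROUTE_RE.match(route)
        if m:
            return m.group("id"), query
    return None


def suspicious_rest_requests(log_text: str) -> List[dict]:
    """Flag write requests to a single-post route whose `id` query parameter is not
    purely numeric. Per the referenced Sucuri write-up, the query parameter overrides
    the numeric route id: the permission check in 4.7/4.7.1 looks up the raw value,
    finds no such post and allows the request, while the update code casts the value
    to an integer and edits the real post."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] not in ("POST", "PUT", "PATCH"):
            continue
        matched = posts_route_id(m["target"])
        if matched is None:
            continue
        route_id, query = matched
        bad_ids = [v for v in query.get("id", []) if not v.isdigit()]
        if bad_ids:
            hits.append({"ip": m["ip"], "time": m["ts"], "post": int(route_id),
                         "id_param": bad_ids[0], "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    version = wordpress_version_from_html(SAMPLE_HTML)
    print("reported version:", version, "needs update:", version and needs_update(version))
    for hit in suspicious_rest_requests(SAMPLE_LOG):
        print("suspicious REST write:", hit)
```

A hit with HTTP status 200 on a site that was on 4.7 or 4.7.1 at the time is a strong indicator that the post in question was modified; a 401 or 403 on the same pattern after upgrading to 4.7.2 shows the attempt being rejected. Absence of the generator tag is not evidence of a patched site, so confirm the version from the WordPress dashboard or the installed files as well.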

Other Recommendations
Owners running a WordPress site should refer to the OWASP WordPress Security Implementation Guideline to secure their websites.

References
https://blog.sucuri.net/2017/02/wordpress-rest-api-vulnerability-abused-in-defacement-campaigns.html
https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
https://blogs.akamai.com/2017/02/wordpress-web-api-vulnerability.html
https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/
https://www.owasp.org/index.php/OWASP_Wordpress_Security_Implementation_Guideline