
WordPress REST API Vulnerability Abused in Defacement Campaigns

WordPress 4.7.2 was released two weeks ago, including a fix for a severe vulnerability in the WordPress REST API. We've been monitoring our WAF network and honeypots closely to see how and when attackers would try to exploit this issue in the wild.

In under 48 hours after the vulnerability was disclosed, we observed multiple public exploits being shared and posted online. With this information easily available, the internet-wide probing and exploit attempts began.

Patches Aren't Being Applied

WordPress comes with an auto-update feature enabled by default, along with a fairly easy 1-click manual update process. Not surprisingly, not many people are aware of this issue or in a position to update their site. This is leading to a huge number of sites being compromised and defaced.

We are monitoring four different hacking (defacement) groups doing mass scans and exploit attempts across the internet. We are seeing the same IP addresses and defacers hitting nearly every one of our honeypots and network.