Recent WordPress vulnerability used to deface 1.5 million pages

Click here to visit Original posting

Up to 20 attackers or groups of attackers are defacing WordPress websites that haven't yet applied a recent patch for a critical vulnerability.

The vulnerability, located in the platform's REST API, allows unauthenticated attackers to modify the content of any post or page within a WordPress site. The flaw was fixed in WordPress 4.7.2, released on Jan. 26, but the WordPress team did not publicly disclose the vulnerability's existence until a week later, to allow enough time for a large number of users to deploy the update.

To read this article in full or to leave a comment, please click here

Recent WordPress vulnerability used to deface 1.5 million pages

The cheapest Sonos sales and deals for March 2025

This is the smallest AMD PC I’ve ever seen: mysterious manufacturer uses Ryzen 3 APU with surprising results

One of our favorite mini PC vendors has launched a NAS that looks a bit like Apple’s PowerMac G4 Cube PC – but way smaller

Netflix drops trailer for The Electric State, and I’m getting serious District 9 vibes