WordPress Upgrade to 4.7.2 to Avoid Content Injection Vulnerability

  • February 21, 2017

Dear Clients

We would like to inform you of a vulnerability that recently came to light: update your WordPress to 4.7.2 to avoid a content injection vulnerability.

For the potentially millions of users who are currently on WordPress 4.7.0 or 4.7.1, it is highly recommended that you upgrade to the latest patched version of 4.7.2 immediately.

Over 67,000 websites have been defaced already, at a pace of about 3000 a day.

Here’s how it happened:

The WordPress REST API was enabled by default on all sites using WordPress 4.7.0 or 4.7.1, and it contains a bug. One of its REST endpoints allows access to view, edit, delete and create posts. Essentially, this bug lets visitors edit any post on the site.

You can find more information on the vulnerability from the wizards over at Sucuri. Sucuri’s CTO Daniel Cid suggests this bug may also have SEO implications, including SEO spam groups creating content with their own links and images. Once your website is flagged for shady SEO practices, you may lose your visibility and reputation in Google, so our recommendation is to act fast and upgrade to 4.7.2.

To upgrade, either download 4.7.2 or log into your site, head to Dashboard → Updates and click “Update Now.”

* And remember, if you don’t use WordPress, you have nothing to worry about!
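
If you host several sites, you can check which ones still need the upgrade before logging into each. The script below is an added example, not part of the original notice or of WordPress itself. It reads the version WordPress core records in `wp-includes/version.php` and flags 4.7.0 and 4.7.1. The function names, the `/var/www` path and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original notice): report WordPress installs
# still on the versions the notice names as affected (4.7.0 and 4.7.1).

# Print the core version recorded in <dir>/wp-includes/version.php.
wp_version_of() {
    _vf="$1/wp-includes/version.php"
    [ -r "$_vf" ] || return 1
    # Core declares it as:  $wp_version = '4.7.1';
    _ver=$(sed -n 's/^[[:space:]]*\$wp_version[[:space:]]*=[[:space:]]*.\([0-9][0-9A-Za-z.-]*\).*/\1/p' "$_vf" | head -n 1)
    [ -n "$_ver" ] || return 1
    printf '%s\n' "$_ver"
}

# 4.7.0 and 4.7.1 are affected per the notice; core writes 4.7.0 as "4.7".
is_affected() {
    case "$1" in
        4.7|4.7.0|4.7.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Walk a tree (the web root path is an assumption); one status line per install.
scan_wordpress() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null | sort |
    while IFS= read -r _f; do
        _dir=${_f%/wp-includes/version.php}
        if ! _v=$(wp_version_of "$_dir"); then
            echo "UNKNOWN - $_dir"
        elif is_affected "$_v"; then
            echo "AFFECTED $_v $_dir"
        else
            echo "OK $_v $_dir"
        fi
    done
}

# Constructed sample tree with three fake installs, for a dry run.
make_sample_tree() {
    _root=$(mktemp -d) || return 1
    for _p in old:4.7.1 patched:4.7.2 first:4.7; do
        mkdir -p "$_root/${_p%%:*}/wp-includes"
        printf "<?php\n\$wp_version = '%s';\n" "${_p#*:}" > "$_root/${_p%%:*}/wp-includes/version.php"
    done
    printf '%s\n' "$_root"
}

# Usage: sh scan.sh /var/www   (with no argument nothing is scanned)
if [ "$#" -gt 0 ]; then scan_wordpress "$1"; fi
```

Any line starting with `AFFECTED` marks a site to upgrade to 4.7.2 first; `UNKNOWN` means the version file was unreadable and the site should be checked by hand.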

Warm Regards,
The eDisc Web Team