WordPress Vulnerability in the Wild

WordPress_API

Security Company Sucuri recently announced that they had found a Content Injection Vulnerability in WordPress Core, stemming from the recently included (in version 4.7) and enabled by default WordPress API feature.

The vulnerability would allow a malicious user to use the Rest API to edit pages and posts, inject shortcodes or even run PHP directly if certain plugins are installed.

The issue was silently patched in version 4.7.2, which was released Jan. 26th, 2017.

So What does this mean for me?

If you are running WordPress 4.7.0 or 4.7.1 you need to upgrade immediately.  If you are worried that you might have already been infected, I would recommend using a security like Sucuri Scanner to check your site for known issues.

WordPress has an option, turned on by default, to do all minor updates, so you may be patched and not realize it, but it is better to check and be sure than to leave it to chance.

What next?

If you want to read more about the technical bits of how the exploit works, you can read more about it on Sucuri's Blog.

As with any major potential issue, it is good to ensure you have a plan of action in case the worst happens.

  • Check that you have good backups, preferably one not hosted on the server in the event of a massive issue.
  • Do a security audit of your site.
    • Are all your Plugins up to date?
    • Have you disabled or removed users that are no longer needed?
    • Run a security scan regularly.
  • What is the plan if you get hacked?  Who is responsible for getting you back online and close the vulnerability?

Should you have any questions about hosting please feel free to contact us here.