A recently discovered security hole in the popular blogging software WordPress has left thousands of blogs open to being hacked and used to host spam and malware.
The vulnerability, in the REST API file on versions of WordPress older than 4.7.2, has allowed hackers to deface thousands of pages on WordPress blogs running older versions of the software. As a result, these compromised blogs have been used to post links to sites hosting malware and spam.
The hacked blogs show messages such as “Hacked By GeNErAL” in place of the blog posts. Owners of infected blogs are advised to ensure they have an up-to-date backup and then run an exploit scanner before upgrading to the latest version of the WordPress software.
WordPress was notified about the zero-day security hole in the software by security researchers at Sucuri, and a patch was automatically rolled out to sites running WordPress with the latest update, 4.7.2.
Unfortunately, not everyone has automatic updates set to install the latest version. In some cases their web host doesn’t allow the required permissions; in others the site admins want to check compatibility with other software before installing any updates. Either way, this has left them vulnerable to this hack.
Anyone who runs a WordPress blog is advised to check that it is running the latest version and, if not, to upgrade as soon as possible.
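
For admins who look after several sites, the version check advised above can be scripted. The following is an added example, not code from WordPress or Sucuri: it walks a web root, reads the `$wp_version` line that WordPress keeps in `wp-includes/version.php`, and flags installs older than 4.7.2. The function names and the sample directory layout are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (4, 7, 2)  # patched release named in the article
# wp-includes/version.php contains a line such as: $wp_version = '4.7.1';
VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")


def parse_version(text):
    """Map '4.7', '4.7.1' or '4.8-beta1' to a 3-part tuple; None if not numeric."""
    match = re.match(r"\d+(?:\.\d+)*", text)
    if not match:
        return None
    parts = [int(p) for p in match.group(0).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def audit(web_root):
    """Return {install directory: (version string, status)} under web_root."""
    results = {}
    for path in Path(web_root).rglob("version.php"):
        if path.parent.name != "wp-includes":
            continue  # a plugin or theme file that happens to share the name
        found = VERSION_RE.search(path.read_text(errors="replace"))
        version = parse_version(found.group(1)) if found else None
        if version is None:
            status = "unknown"  # version line missing or altered: inspect by hand
        else:
            status = "outdated" if version < PATCHED else "ok"
        results[str(path.parent.parent)] = (found.group(1) if found else None, status)
    return results


def build_sample(root):
    """Constructed sample layout: three fake installs with different versions."""
    for site, line in {"blog-a": "$wp_version = '4.7.1';",
                       "blog-b": "$wp_version = '4.7.2';",
                       "blog-c": "// version line missing"}.items():
        inc = Path(root) / site / "wp-includes"
        inc.mkdir(parents=True)
        (inc / "version.php").write_text("<?php\n" + line + "\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for install, (ver, status) in sorted(audit(tmp).items()):
            print(f"{status:8} {ver or '-':8} {install}")
```

An install reported as "unknown" deserves a manual look, since a missing or altered version line can itself be a sign of tampering.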