“This figure has spiralled out of control, and has spread across 39,000 domains with as many as twenty hacking groups taking part in the attack.”
A security breach has led to the mass defacement of blog websites supported by WordPress, with a number allegedly as high as 1.5 million pages affected.
The exploited vulnerability was in the Representational State Transfer (REST) Application programming interface (API) – REST API. The weakness was allegedly only present in versions 4.7.0 and 4.7.1, with the issue fixed in 4.7.2.
The attack was first reported by the web security firm Sucuri, at which point it was discovered that ‘four groups of attackers defaced over 67,000 pages’, according to the BleepingComputer.
This figure has spiraled out of control, and has spread across 39,000 domains with as many as twenty hacking groups taking part in the attack.
There appears to be a continuing struggle with security for WordPress, after recently announcing patch 4.7.2 and encouraging users to upgrade as soon as possible to patch flaws with cross-site scripting and SQL injection.
Veracode’s Paul Farrington said of the situation: “It is absolutely imperative that all users of WordPress 4.7.2 upgrade immediately to the new version. Despite having been around for over a decade and regularly featuring on the OWASP Top 10 list (the widely accepted standard for application security), both SQL injections and cross scripting vulnerabilities continue to expose enterprises to large-scale breaches and brand damage. The 2015 TalkTalk breach only serves as a reminder of the severity of this attack vector”.
READ MORE: Why is WordPress so hackable?
BleepingComputer reported that “WordPress and Sucuri experts realized they couldn’t keep” the details of the wider REST API attack “a secret” long enough for patch 4.7.2 to right the issue, as the scale of the attack mounted too quickly and intensely.
WordPress has also been the target of other attacks; these include the hacking of the Reader’s Digest website for example, and according to David Emm, senior security researcher at Kaspersky Lab said “a couple of instances with cross site scripting exploits” had been noticed at the end of last year.