A security vulnerability has been discovered in WordPress that allows hackers to deface websites
“An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint.”
What does this mean?
The vulnerability allows hackers to deface websites by replacing existing content with their own. Many of the hackers are using this exploit in much the same way as vandals treat a brick wall, by tagging it. The majority simply replace an existing blog post with their name and a message, often relating to a political affiliation such as “Free Palestine” or boasting about their skill as a hacker.
Is there a fix?
This issue was reported to WordPress developers in secrecy by a security firm who test WordPress to find such vulnerabilities. The reason for keeping it secret is to allow developers time to fix the issue before hackers and the general public learn about the issue, therefore protecting websites until a fix is released.
Developers at WordPress have released an update (version 4.7.2) to fix the issue.
Applying the fix.
If you already have a contract with us to look after your backups and updates, then you needn’t worry as we have already updated all of the websites subscribed to the service.
If you don’t have a contract with us for this service then you can either get in touch to sign up straight away, or follow the instructions below on how to apply the update yourself.
To resolve this issue all you need to do is login to your WordPress site, go to updates and run the update to version 4.7.2. This should then automatically run the update service on your site.
Please be sure to take a full backup of your website before running this update.
If you have any questions or want to know more about the issue or how we can help you, then please get in touch.