Vulnerabilities

Hackers Initiate Attacks Against Unpatched WordPress Sites

A few weeks ago, WordPress secretly fixed a zero-day vulnerability in its recent 4.7.2 security update. Researchers are now starting to see many more attacks, and the recent ones try to spam users into buying drugs through phishing scams that seek payment card details, leaving behind links to rogue pharmaceutical websites.

 

Although WordPress has released the update, many WordPress websites have not yet been updated to the current version.

Up to 20 attackers or groups of attackers are defacing WordPress sites that haven’t yet applied a recent patch for a critical vulnerability.

The vulnerability, located in the platform’s REST API, allows unauthenticated attackers to change the content of any post or page within a WordPress site. The flaw was fixed in WordPress 4.7.2, released on Jan. 26.

“The simplicity of execution is so low thus simple, we’re seeing script kiddies get this endeavor and have a field day with it,” said Logan Kipp of SiteLock. “We’re seeing these 20 or so extraordinary performing artists battling about control and overwriting disfigurement, ordinarily minutes separated.”

“This is the first case we’re aware of where someone is trying for monetary gain,” Kipp said. “They’re trying to get you to visit rogue pharmacy sites where there’s an equally high chance they’re going to steal your credit card number and run. North of 50 percent of the time, that’s the case with these sites.”

Logan Kipp of SiteLock said:

If you have applied WordPress patch 4.7.2, the vulnerability is no longer present. Based on the information we’ve gathered, if you have disabled the REST API (enabled by default), you are not affected by the vulnerability.
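For a site that was patched late, the web server access log shows whether posts or pages were written through the REST API in the meantime. The following is an added example, not code from this article or from SiteLock: it flags successful write requests to the core `wp/v2` post and page routes and reports objects that different client IPs overwrote within a short window. It assumes a combined-format access log; the function names and the 30-minute window are illustrative choices.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Combined log format: client IP, timestamp, method, URL, status.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')
# Core REST routes that address a single post or page by id.
ROUTE = re.compile(r'/wp/v2/(?P<kind>posts|pages)/(?P<id>\d+)/?$')
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

def rest_route(url):
    """Route from a pretty (/wp-json/...) or plain (?rest_route=...) URL."""
    parts = urlsplit(url)
    if "/wp-json/" in parts.path:
        return "/" + parts.path.split("/wp-json/", 1)[1]
    return parse_qs(parts.query).get("rest_route", [""])[0]

def content_writes(lines):
    """Yield (time, ip, 'posts/12') for write requests the server answered 2xx."""
    # Access logs do not record authentication: treat hits as leads to review.
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] not in WRITE_METHODS or m["status"][0] != "2":
            continue
        r = ROUTE.match(rest_route(m["url"]))
        if r:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield ts, m["ip"], f'{r["kind"]}/{r["id"]}'

def contested(lines, window=timedelta(minutes=30)):
    """Map each object to the IPs that overwrote one another within `window`."""
    last, result = {}, defaultdict(set)
    for ts, ip, obj in sorted(content_writes(lines)):
        prev = last.get(obj)
        if prev and prev[1] != ip and ts - prev[0] <= window:
            result[obj].update((prev[1], ip))
        last[obj] = (ts, ip)
    return {obj: sorted(ips) for obj, ips in result.items()}

# Constructed sample lines (documentation IP ranges), not taken from a real site.
SAMPLE_LOG = [
    '198.51.100.7 - - [06/Feb/2017:10:01:12 +0000] "POST /wp-json/wp/v2/posts/12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [06/Feb/2017:10:04:40 +0000] "POST /index.php?rest_route=/wp/v2/posts/12 HTTP/1.1" 200 498',
    '192.0.2.33 - - [06/Feb/2017:10:05:02 +0000] "GET /wp-json/wp/v2/posts/12 HTTP/1.1" 200 2210',
    '192.0.2.50 - - [06/Feb/2017:11:30:00 +0000] "POST /wp-json/wp/v2/pages/3 HTTP/1.1" 401 96',
    '192.0.2.50 - - [07/Feb/2017:09:00:00 +0000] "POST /wp-json/wp/v2/pages/5 HTTP/1.1" 200 300',
]
```

Calling `contested(SAMPLE_LOG)` reports `posts/12` with both writing IPs; any flagged object should be compared against its stored revisions and restored from a known-good copy.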

SiteLock and its protection method:

SiteLock and the WordPress Security Team continue to maintain a close relationship by collaborating on security intelligence for the benefit of all WordPress users. In cases like this, in which a WordPress security patch is developed to prevent an exploit, SiteLock and the WordPress Security Team share advanced warnings with each other and quietly put additional security measures in place while the code for a patch is developed. This helps both parties to protect as many WordPress users as possible before the public release of the patch. Relax. We’ve got your back!
