Criminals have, inevitably, begun attempting to monetize attacks against WordPress sites still vulnerable to the REST API endpoint flaw silently fixed in the recent 4.7.2 security update.

While more than one million pages have been defaced, researchers are now starting to see some defacements leave behind links to rogue pages trying to get users to buy drugs or entice them into phishing scams for their card information.

The attackers are taking advantage of pages running on the WordPress platform that have not yet updated to the patched version. Researchers at SiteLock estimate that some 20 attackers are vying for these illicit dollars, some defacing sites many times, sometimes removing links and solicitations left behind by other attackers and replacing those with their own.

"The ease of application is so low and so not hard, we're seeing script kiddies pick up this exploit and have year with it," said Logan Kipp of SiteLock.

The vulnerability, located and publicly disclosed by researchers at Sucuri, allows attackers with one line of exploit code to access the API. The REST API endpoint vulnerability was introduced in WordPress 4.7 in December, and silently fixed earlier this year because of its severity. Sites that have disabled updates, or where an update failed, remain vulnerable. SiteLock estimates this number to be between 15 percent and 20 percent of WordPress sites.

Short of patching, it is simple patch. Treat it like a cross-site scripting vulnerability. The reason, according to a WordPress plugin developer, is that attackers perfected attacks to circumvent rules that WordFence and others had implemented to staunch the attacks.