Just a few days ago, Sucuri, a major website security service, reported a significant threat within WordPress that involves the newly supported REST API. According to several tech outlets, recent attacks carried out through this vulnerability have reached over 1.5M pages.
To make matters worse, Sucuri has found that remote code execution attempts are now being used by hackers, targeting sites that have plugins which allow PHP execution within posts or pages. Plugins that are vulnerable to this type of attack include Insert PHP and Exec-PHP, which both have over 100K active installs.
If you are a site owner relying on one of these or a similar PHP execution plugin, you are better off temporarily disabling the plugin until an updated version that fixes any vulnerabilities is released. Along with this, we HIGHLY recommend upgrading your WordPress core to 4.7.2 to help secure yourself from these threats.
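To check an install against both recommendations, here is an added example (not code from Sucuri or WordPress) that reads the core version from `wp-includes/version.php` and looks for the two named plugins on disk. The directory names `insert-php` and `exec-php` are assumptions, and the sample installs are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (4, 7, 2)  # core release the article recommends
# Assumed plugin directory names for Insert PHP and Exec-PHP
RISKY_PLUGIN_DIRS = {"insert-php", "exec-php"}


def parse_version(text):
    """Extract $wp_version from the contents of wp-includes/version.php."""
    m = re.search(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""", text)
    if not m:
        return None
    # Drop suffixes such as "-beta1", then pad "4.7" to (4, 7, 0)
    nums = [int(n) for n in re.findall(r"\d+", m.group(1).split("-")[0])]
    return tuple((nums + [0, 0, 0])[:3])


def audit(wp_root):
    """Return (version, core_is_patched, risky_plugins_found) for one install."""
    root = Path(wp_root)
    version_file = root / "wp-includes" / "version.php"
    version = parse_version(version_file.read_text()) if version_file.is_file() else None
    plugins_dir = root / "wp-content" / "plugins"
    found = sorted(
        p.name for p in plugins_dir.iterdir()
        if p.is_dir() and p.name.lower() in RISKY_PLUGIN_DIRS
    ) if plugins_dir.is_dir() else []
    # Tuple comparison avoids the string-compare trap ("4.7.10" < "4.7.2")
    patched = version is not None and version >= PATCHED
    return version, patched, found


def build_sample(version, plugins):
    """Constructed sample install on disk so the example runs offline."""
    root = Path(tempfile.mkdtemp())
    (root / "wp-includes").mkdir()
    (root / "wp-includes" / "version.php").write_text(
        "<?php\n$wp_version = '%s';\n" % version)
    for name in plugins:
        (root / "wp-content" / "plugins" / name).mkdir(parents=True)
    return root


if __name__ == "__main__":
    for ver, plugs in [("4.7.1", ["insert-php", "akismet"]), ("4.7.2", [])]:
        print(audit(build_sample(ver, plugs)))
```

A plugin directory on disk only shows the plugin is installed, not that it is active, so confirm its status in the WordPress admin before relying on the result.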
As a graduate of the University of Massachusetts and our Managing Editor, Colt loves testing out the newest tech products and services. His goal is to help better educate other consumers to ensure the most satisfying purchase decisions on consumer electronics and services. When he is not working on creating new content, Colt enjoys spending time with his two Australian Shepherds, Mia and Zoey.