Just over a week ago, WordPress released version 4.7.3 to patch multiple security issues. Despite the automatic update feature provided by many hosting companies, there are still many WordPress websites that have not been updated. In fact, we are seeing quite a few sites that are still using versions 4.7 and 4.7.1, which are vulnerable to the WordPress REST API vulnerability patched in early February  (version 4.7.2). This more serious vulnerability allows attackers to create, delete, and modify posts on vulnerable websites without authorization.

Continue reading SEO Spam Campaign Exploiting WordPress REST API Vulnerability at Sucuri Blog.

Via Sucuri.net