UPDATE TO WORDPRESS 4.7.2 NOW!

WordPress version 4.7.2 was released primarily to correct three security flaws, including a SQL injection flaw and an XSS (cross-site scripting) flaw. Administrators who have yet to update their WordPress installation are at high risk of having their site compromised.


This high risk is due to a vulnerability in the REST API of WordPress 4.7, a critical bug that can be exploited. The vulnerability allows an attacker to inject code into an article without holding the required rights. Simply put, it is an open door to everything. The vulnerability was promptly fixed in the latest update.


Sucuri was the first to raise the alert after detecting nearly 150,000 compromised web sites during its latest monitoring. A large-scale automated SQL injection (SQLi) campaign was detected, and at least four cyber criminals are now actively exploiting the vulnerability. Simply typing “by w4l3XzY3” into a Google search shows many indexed sites that have been exploited.


The hackers also seem to be claiming responsibility through simple defacements, leaving their signature to let the world know who carried out the attack (thriving on the publicity). Security experts have detected three further campaigns, identified by the following signatures:


  • Cyb3r-Shia
  • By+NeT.Defacer
  • By+Hawleri_hacker

In addition, the IP addresses used by the hacker group w4l3XzY3 are:


  • 9.36.102
  • 116.213.71
  • 213.54.163
  • 2A00:1a48:7808:104:9b57:dda6:eb3c:61e1

As for the other three attacks, launched by Cyb3r-Shia, By+NeT.Defacer and By+Hawleri_hacker, the IP addresses identified are as follows:


  • 237.192.22
  • 217.81.160

“WordPress has an automatic update feature enabled by default, along with a one-click manual update procedure. Despite this, many people are not aware of this problem that affects the REST API or are not able to update their site. This leads to a large number of compromised and altered sites.”


Faced with these threats, we strongly advise all administrators to upgrade to the latest WordPress 4.7.2. We also recommend blocking the IP addresses listed above.
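The post's advice boils down to three defender-side checks: confirm the installed version is at least 4.7.2, look for write requests against the posts REST route in the web server access log, and search post content for the defacement signatures listed above. The following Python script is an added example and is not code from eukhost or from the original post; the `wp-includes/version.php` fragment, the access log lines, the IP addresses in them and the post contents are all constructed sample data, and the signature list is taken from the post above.

```python
"""Triage helpers for the WordPress 4.7 REST API issue: version check,
access-log scan for REST write requests, and defacement-signature search.
Added example; all sample data below is constructed."""
import re

FIXED_VERSION = "4.7.2"

# Defacement signatures named in the post above.
DEFACEMENT_SIGNATURES = ("by w4l3XzY3", "Cyb3r-Shia", "By+NeT.Defacer", "By+Hawleri_hacker")

# HTTP methods that modify content through the REST API; GET requests are normal traffic.
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
POSTS_ROUTE = "/wp-json/wp/v2/posts"

# Combined log format: client IP, timestamp, request line, status code.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed fragment of wp-includes/version.php from a hypothetical outdated install.
SAMPLE_VERSION_PHP = """<?php
$wp_version = '4.7.1';
$wp_db_version = 38590;
"""

# Constructed access log lines (RFC 5737 documentation addresses, not real attacker IPs).
SAMPLE_ACCESS_LOG = """\
203.0.113.10 - - [05/Feb/2017:10:01:12 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [05/Feb/2017:10:01:13 +0000] "POST /wp-json/wp/v2/posts/12 HTTP/1.1" 200 1938 "-" "python-requests/2.12"
198.51.100.7 - - [05/Feb/2017:10:02:44 +0000] "GET /2017/02/hello-world/ HTTP/1.1" 200 8871 "-" "Mozilla/5.0"
203.0.113.10 - - [05/Feb/2017:10:02:50 +0000] "PUT /wp-json/wp/v2/posts/13 HTTP/1.1" 200 1902 "-" "python-requests/2.12"
"""

# Constructed (post_id, post_content) pairs, e.g. exported from the wp_posts table.
SAMPLE_POSTS = [
    (12, "<p>Hacked by w4l3XzY3</p>"),
    (13, "<p>Quarterly newsletter: what's new this spring.</p>"),
    (14, "<h1>Owned By+Hawleri_hacker</h1>"),
]


def parse_wp_version(version_php: str):
    """Return the version string from wp-includes/version.php, or None if absent."""
    m = re.search(r"\$wp_version\s*=\s*'([^']+)'", version_php)
    return m.group(1) if m else None


def _version_tuple(v: str):
    # "4.7.1" -> (4, 7, 1); tolerates suffixes such as "-alpha" by keeping digits only.
    return tuple(int(p) for p in re.findall(r"\d+", v))


def needs_update(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version predates the fixed release."""
    return _version_tuple(version) < _version_tuple(fixed)


def find_rest_write_requests(log_text: str):
    """Return (ip, method, path, status) for write requests against the posts REST route."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]  # ignore any query string when matching the route
        if m.group("method") in WRITE_METHODS and path.startswith(POSTS_ROUTE):
            hits.append((m.group("ip"), m.group("method"), m.group("path"), int(m.group("status"))))
    return hits


def find_defacement_signatures(posts):
    """Given (post_id, content) pairs, return (post_id, signature) for every case-insensitive match."""
    found = []
    for post_id, content in posts:
        lowered = content.lower()
        for sig in DEFACEMENT_SIGNATURES:
            if sig.lower() in lowered:
                found.append((post_id, sig))
    return found


if __name__ == "__main__":
    version = parse_wp_version(SAMPLE_VERSION_PHP)
    print(f"installed {version}, update needed: {needs_update(version)}")
    for ip, method, path, status in find_rest_write_requests(SAMPLE_ACCESS_LOG):
        print(f"REST write request from {ip}: {method} {path} -> {status}")
    for post_id, sig in find_defacement_signatures(SAMPLE_POSTS):
        print(f"post {post_id} contains defacement signature {sig!r}")
```

On a real host, feed `parse_wp_version` the contents of `wp-includes/version.php`, `find_rest_write_requests` the web server access log, and `find_defacement_signatures` an export of `post_content` from the posts table. A successful write to the posts route from an address that never authenticated, or from a client such as a plain HTTP library, is the event worth investigating, and the IP addresses in those hits are the ones to block alongside the list in the post.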


Translated from: https://www.eukhost.com/blog/webhosting/update-to-wordpress-4-7-2-now/
