[ALERT CERT] – Multiple WordPress vulnerabilities versions < 4.7.2

CERT-DVT Alerte CERT, Non classé

Three wordpress vulnerabilities have been disclosed those last few days :

Versions below 4.7.2 are concerned. The main conerne is the module API REST that is enabled by default since the 4.7.0 release.

The criticity of those vulnerabilities is rated as critical by the CERT.

Many WordPress blogs and websites were automatically targeted by defacement teams taking advantage of this.

We recommend an immediate upgrade to the last WordPress version which is the 4.7.2