SiteLock Research shield

This article was co-authored by Security Researcher Wyatt Morgan from SiteLock Research.

 

This month we’ve seen WordPress websites bombarded with defacements and remote code execution attempts by abusing a vulnerability in the WordPress REST API. As could be expected, compromises motivated by financial gain have now made their debut through the same vector. This most recent flavor of defacements focuses on driving traffic to a rogue pharmacy website, where the visitor is encouraged to purchase — you guessed it, “authentic” erectile dysfunction medication.

Read More