SiteLock Research shield

This article was co-authored by Security Researcher Wyatt Morgan from SiteLock Research.

 

In the continuing saga of the WordPress REST API vulnerability in WordPress 4.7 and 4.7.1, SiteLock has identified that at least one hacker has launched a campaign specifically attempting remote code execution (RCE) on WordPress websites. The attacks aim to take advantage of WordPress websites using plugins that enable PHP to run inside of posts. If successful, the attack injects a line of code that ultimately downloads a series of malicious files from a Pastebin repository. These malicious files are used to install  backdoors and automatically steal information from  websites. When unsuccessful at remote code execution, the attack overwrites existing posts and leaves behind PHP shortcode.

Read More