Abstract
If you find that your WordPress articles have been modified or deleted, for example malicious code or advertising code has been added or the page shows a notice that the site was hacked, please upgrade WordPress to 4.7.2 as soon as possible.
A 0-day vulnerability was found in the REST API of WordPress 4.7.0 and 4.7.1. If attackers exploit it successfully, they can bypass the administrator permission check and add, delete, modify and query articles, with risks such as articles being tampered with or even lost.
The vulnerability has been fixed in WordPress 4.7.2, released on January 27, 2017, Beijing time, but a large number of users still haven't upgraded. This security update also fixes some security issues in WordPress 4.7.1 and earlier:
- News category terms are shown to all users (including unauthorized users).
- WP_Query is vulnerable to SQL injection (SQLi) when passed unsafe data. The new version adds hardening to prevent plug-ins and themes from accidentally causing vulnerabilities.
- A cross-site scripting (XSS) vulnerability was found in the post list table.
If the content of your website has been tampered with, the right way to respond is to:
- Back up the site, then upgrade WordPress to the latest version;
- Check the related plug-ins and upgrade them to their latest versions for WordPress;
- Change the "host management password" and the "database password";
- Restore the modified article: in the admin back end, click "view" on the right side of "article link" and restore to the "specified version";
- Delete the added article.
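
To decide which articles to restore or delete, the web server access log can be searched for successful write requests to the REST API post routes. The Python script below is an added example, not part of the original advisory; it assumes a combined-format access log and the default WordPress routes /wp-json/wp/v2/posts and ?rest_route=/wp/v2/posts, and its log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not taken from a real site).
SAMPLE_LOG = """\
203.0.113.7 - - [06/Feb/2017:10:01:02 +0800] "POST /wp-json/wp/v2/posts/12 HTTP/1.1" 200 812 "-" "curl/7.50"
203.0.113.7 - - [06/Feb/2017:10:01:05 +0800] "POST /index.php?rest_route=/wp/v2/posts/15 HTTP/1.1" 200 790 "-" "curl/7.50"
198.51.100.4 - - [06/Feb/2017:10:02:00 +0800] "GET /wp-json/wp/v2/posts/12 HTTP/1.1" 200 640 "-" "Mozilla/5.0"
203.0.113.7 - - [06/Feb/2017:10:03:00 +0800] "POST /wp-json/wp/v2/posts HTTP/1.1" 401 120 "-" "curl/7.50"
198.51.100.9 - - [06/Feb/2017:10:04:00 +0800] "DELETE /wp-json/wp/v2/posts/15 HTTP/1.1" 200 300 "-" "python-requests/2.12"
203.0.113.7 - - [06/Feb/2017:10:05:00 +0800] "POST /wp-json/wp/v2/posts HTTP/1.1" 201 900 "-" "curl/7.50"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumed default route for posts; an optional numeric id selects one article.
ROUTE_RE = re.compile(r'^/wp/v2/posts(?:/(\d+))?/?$')
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

def rest_route(target):
    """Return the REST route of a request target, or None if it is not a REST call."""
    parts = urlsplit(target)
    if parts.path.startswith("/wp-json/"):
        return parts.path[len("/wp-json"):]
    # Sites without pretty permalinks pass the route as a query parameter.
    route = parse_qs(parts.query).get("rest_route")
    return route[0] if route else None

def find_post_writes(log_text):
    """Map post id ('new' for created articles) to successful write requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, when, method, target, status = m.groups()
        route = rest_route(target)
        r = ROUTE_RE.match(route) if route else None
        # Only 2xx responses changed anything; reads (GET) are ignored.
        if r and method in WRITE_METHODS and status.startswith("2"):
            hits[r.group(1) or "new"].append((when, ip, method))
    return dict(hits)

if __name__ == "__main__":
    for post_id, events in sorted(find_post_writes(SAMPLE_LOG).items()):
        print(post_id, events)
```

Each post id listed is a candidate for the restore or delete steps above; the log alone cannot tell authorised edits from unauthorised ones, so compare the entries with known editor activity.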