A recent discovery of a content injection vulnerability in the REST API for WordPress was patched before being published. However, since many organizations delay before implementing patches either because of change management policies or simple procrastination, thousands of sites were targeted by malicious users, allowing unauthorized additions and modifications to WordPress sites. While a large portion of the news media focused on the noticeable defacement of many pages, including over 80,000 sites defaced by a single individual, NIATEC teams examined the potential hazards to organizations from less visible injections.
During their weekly CIO meeting, NIATEC workers discussed important decisions C-suite executives need to consider when creating and modifying policies regarding change-management and updates. While NIATEC does not recommend WordPress because of past vulnerabilities of a critical nature, individuals noted much of the damage from this vulnerability could have been avoided if the patch had been applied in a timely manner. This raised discussion about timing, capability, and impact, and a general consensus that critical vulnerabilities should be identified using automated tools or assistants in order to fast-track patch testing and implementation for those vulnerabilities.
NIATEC workers are currently analyzing a particularly subtle strain of Javascript redirect codes placed on numerous websites that likely found their way onto websites as a direct result of this vulnerability. If you notice your WordPress site causing a redirect to advertisement or phishing sites (called malvertising), even if you can't reproduce the effect, we encourage you to contact us at niatec@iri.isu.edu.
More details about this specific vulnerability can be found on the Sucuri security blog.
