WordPress has patched a critical, then-secret zero-day bug that allowed remote, unauthorized hackers to edit or delete WordPress pages. In addition to the three security issues that affect WordPress 4.7.1 and earlier, an unauthenticated privilege escalation vulnerability was identified in a REST API endpoint.

WordPress, the world's most popular content management system (CMS), used by millions of websites, pushed update 4.7.2 by the end of January in a patch run that covered SQL injection vulnerabilities and all the addressed security issues. The previous versions, WordPress 4.7 and 4.7.1, are hit by the remote privilege escalation and content injection hole, which allows all WordPress pages on unpatched sites to be modified, redirecting visitors to exploits and a myriad of attacks. WordPress did not reveal it, hoping that hackers would not exploit flaws they were not aware of.

WordPress was alerted to this undocumented vulnerability on Jan 20 by security researcher Marc-Alexandre Montpas. Montpas rated the bug highly critical. "The bug allows the attacker to change the content of any post or page on a victim's site," Montpas added.

WordPress urged security firms including SiteLock, Cloudflare, and Incapsula, along with WordPress hosts. The hosts worked in close collaboration with WordPress security over nine days of flaw disclosure and patch installation. However, the security companies did not report live attacks under the rule sets they cooked up.

"The disclosure of the issue was intentionally delayed to give web admins time to update and to assure the safety of millions of WordPress sites," says Aaron Campbell, WordPress Core Contributor.

"Akamai will monitor for the possible attacks that will come into action once news of the bugs spreads. Currently, it has not detected any exploit attempts," says Akamai principal threat researcher Ryan Barnett.

WordPress 4.7.2 is now available. It is a security release for all previous versions, and you are strongly recommended to update your sites immediately. Sites that support automatic background updates are already beginning to update to WordPress 4.7.2.