WordPress 4.7.2 was released two weeks ago, including a fix for a severe vulnerability in the WordPress REST API. We have been monitoring our WAF network and honeypots closely to see how and when the attackers would try to exploit this issue in the wild.
In less than 48 hours after the vulnerability was disclosed, we saw multiple public exploits being shared and posted online. With that information easily available, the internet-wide probing and exploit attempts began.
I really don’t get it. The fact that modern CMSs these days are so easy to attack has been known for so long, and yet I’m still seeing so many old WordPress, Joomla or Drupal installs in the wild. I can understand that updating also comes with a risk of its own (mainly your site getting broken), but the headache of trying to fix a broken site is much, much less than your data getting stolen or your blog becoming a terrorist organization’s advertising banner overnight.