Recently released data has revealed that more than 1.5 million WordPress pages have been hacked.
According to the security firm that discovered the vulnerability, some hackers are trying to use it to take over sites rather than just deface pages.
WordPress is urging blog owners to update their software to avoid becoming victims, reports BBC News.
The vulnerability is said to exist in an add-on for the WordPress blogging software that was introduced in a version released at the end of 2016.
On January 20th, Sucuri, the security firm that found the vulnerability, which it termed a “severe bug”, informed WordPress about it.
In its blog post, WordPress said that it had delayed going public about the flaw because it wanted to prompt hosting companies to update their software to the fixed version.
The patched version of WordPress was released on 26th January. It was then rolled out to most of the WordPress sites and blogs on which automatic updates were applied.
However, many blogs are still at risk of defacement attacks because they have not followed suit.
According to a security firm known as WordFence, there is evidence that 20 hacker groups have attempted to meddle with vulnerable sites, and approximately 40,000 blogs are believed to have been affected.
Speaking to the Bleeping Computer tech news site, WordFence founder Mark Maunder said that the vulnerability had set off a “feeding frenzy” among hacker groups.
“During the past 48 hours, we have witnessed 800,000 attacks exploiting this specific vulnerability across the WordPress sites that we monitor,” added Mr. Maunder.
For its part, Sucuri claimed that some of the hacker groups had already moved on from defacement to attempts to use the bug to hijack sites for their own ends.
Sucuri added that hackers were very keen on using the vulnerable sites as proxies for spam or malware campaigns.