Description:
Detected spammy posts with lots of links with dating related keywords.
In March of 2017 such posts had been created as a result of exploitation of security holes in WordPress (version 4.7 and 4.7.1) REST API.
Spammy posts have long lists of about 200 links per post.
<a href="hxxp://rosadodesertobrasil[.]com.br/data">uomo cerco uomo bologna</a><br /> <a href="hxxp://grozbox[.]ru/journal">grozbox.ru</a><br /> <a href="hxxp://help-plus[.]de/img">n<<tdejting svarar inte router</a><br /> <a href="hxxp://kurgan.inueco[.]ru/wordpress">site de rencontre vive les rondes</a><br /> <a href="hxxp://driquet[.]com/site">hur ska man dejta en tjej</a><br /> <a href="hxxp://mistergenius[.]be/journal">nom des sites de rencontres</a><br />
Affecting: WordPress sites that were not quick enough to upgrade to version 4.7.2 in February of 2017.
Cleanup: Delete spammy posts. Upgrade WordPress to the latest version.
For more information read: SEO Spam Campaign Exploiting WordPress REST API Vulnerability