A large-scale attack campaign originating from 16,000 IP addresses has targeted 1.6 million WordPress sites by exploiting weaknesses in four plugins and 15 Epsilon Framework themes.
The impacted Epsilon Framework themes and their corresponding versions are: Activello (<=1.4.1); Affluent (<1.1.0); Allegiant (<=1.2.5); Antreas (<=1.0.6); Bonkers (<=1.0.5); Brilliance (<=1.2.9); Illdy (<=2.1.6); MedZone Lite (<=1.2.5); NatureMag Lite (no known patch available); NewsMag (<=2.4.1); Newspaper X (<=1.3.1); Pixova Lite (<=2.0.6); Regina Lite (<=2.0.5); Shapely (<=1.2.8); Transcend (<=1.1.9).
WordPress security company Wordfence detected and blocked more than 13.7 million attacks aimed at the plugins and themes over a period of 36 hours. The goal of the attacks was to take over the websites and carry out malicious actions.
Most of the attacks observed by Wordfence involve the adversary enabling the "users_can_register" option and setting the "default_role" option (i.e., the default role of users who register at the blog) to administrator, thereby allowing the adversary to register on the vulnerable sites as a privileged user and seize control.
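The following audit check is an added example, not code from Wordfence or from the original article. It flags installed themes that fall in the affected version ranges listed above and detects the "users_can_register" / "default_role" combination the campaign sets. It assumes the theme inventory and option values have already been exported into dictionaries keyed by theme name and option name; the function names and sample data are constructed for illustration.

```python
import operator

# Affected Epsilon Framework themes from the article: name -> (comparison, version).
# None means no known patch is available, so every version is treated as affected.
AFFECTED_THEMES = {
    "Activello": ("<=", "1.4.1"),
    "Affluent": ("<", "1.1.0"),
    "Allegiant": ("<=", "1.2.5"),
    "Antreas": ("<=", "1.0.6"),
    "Bonkers": ("<=", "1.0.5"),
    "Brilliance": ("<=", "1.2.9"),
    "Illdy": ("<=", "2.1.6"),
    "MedZone Lite": ("<=", "1.2.5"),
    "NatureMag Lite": None,
    "NewsMag": ("<=", "2.4.1"),
    "Newspaper X": ("<=", "1.3.1"),
    "Pixova Lite": ("<=", "2.0.6"),
    "Regina Lite": ("<=", "2.0.5"),
    "Shapely": ("<=", "1.2.8"),
    "Transcend": ("<=", "1.1.9"),
}
OPS = {"<=": operator.le, "<": operator.lt}

def parse_version(text):
    """Turn '1.2.10' into (1, 2, 10) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.split("."))

def affected_themes(installed):
    """Return the installed themes (name -> version) that are in an affected range."""
    hits = []
    for name, version in installed.items():
        if name in AFFECTED_THEMES:
            rule = AFFECTED_THEMES[name]
            if rule is None or OPS[rule[0]](parse_version(version), parse_version(rule[1])):
                hits.append(name)
    return sorted(hits)

def registration_takeover(options):
    """True when open registration would hand new users the administrator role."""
    return (str(options.get("users_can_register", "0")) == "1"
            and options.get("default_role") == "administrator")

# Constructed sample inventory and option values (not real site data).
SAMPLE_THEMES = {"Shapely": "1.2.8", "Affluent": "1.1.0", "NatureMag Lite": "9.9", "Illdy": "2.1.10"}
SAMPLE_OPTIONS = {"users_can_register": "1", "default_role": "administrator"}

if __name__ == "__main__":
    print(affected_themes(SAMPLE_THEMES), registration_takeover(SAMPLE_OPTIONS))
```

A site where `registration_takeover` returns true should also have its user list reviewed for administrator accounts created after the option change.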