Unknown threat actors are targeting WordPress websites that run Epsilon Framework themes vulnerable to injection attacks that could lead to full site takeovers.
The Threat Intelligence team spotted a large-scale wave of attacks on November 17, 2020, aimed at recently patched vulnerabilities in potentially vulnerable WordPress websites.
"So far today, we have seen a surge of more than 7.5 million attacks against more than 1.5 million sites targeting these vulnerabilities, coming from over 18,000 IP addresses," Wordfence QA engineer and threat analyst Ram Gall said.
The security flaws targeted by the threat actors could allow them to take over WordPress installs through an exploit chain ending in remote code execution (RCE).
The researcher did not provide additional details on the attacks because the exploit does not yet seem to be in a mature state, and a large number of IP addresses are in use.
"These attacks use POST requests to admin-ajax.php and as such do not leave distinct log entries, though they will be visible in Wordfence Live Traffic."
Below is a list of the targeted Epsilon Framework themes and the versions known to be vulnerable to the above attacks:
Shapely <= 1.2.7
NewsMag <= 2.4.1
Activello <= 1.4.0
Illdy <= 2.1.4
Allegiant <= 1.2.2
Newspaper X <= 1.3.1
Pixova Lite <= 2.0.5
Brilliance <= 1.2.7
MedZone Lite <= 1.2.4
Regina Lite <= 2.0.4
Transcend <= 1.1.8
Affluent < 1.1.0
Bonkers <= 1.0.4
Antreas <= 1.0.2
NatureMag Lite <= 1.0.5
Admins and owners of websites running vulnerable versions of these themes are advised to update immediately to a patched version, if one is available.
If no patch is currently available for the installed theme, they should shift to another theme immediately to block attack attempts.
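To check an installation against the list above, the following added example (not code from Wordfence or from the article) reads each installed theme's style.css header and flags versions inside the listed ranges. It assumes the standard wp-content/themes/<directory>/style.css layout and that each theme's "Theme Name" header matches the name as listed here; the SAMPLE header is constructed.

```python
import re
import sys
from pathlib import Path

# Vulnerable ranges as listed in the article, keyed by lower-cased theme name.
RULES = {
    "shapely": ("<=", "1.2.7"), "newsmag": ("<=", "2.4.1"),
    "activello": ("<=", "1.4.0"), "illdy": ("<=", "2.1.4"),
    "allegiant": ("<=", "1.2.2"), "newspaper x": ("<=", "1.3.1"),
    "pixova lite": ("<=", "2.0.5"), "brilliance": ("<=", "1.2.7"),
    "medzone lite": ("<=", "1.2.4"), "regina lite": ("<=", "2.0.4"),
    "transcend": ("<=", "1.1.8"), "affluent": ("<", "1.1.0"),
    "bonkers": ("<=", "1.0.4"), "antreas": ("<=", "1.0.2"),
    "naturemag lite": ("<=", "1.0.5"),
}
HEADER = re.compile(r"^[ \t/*#@]*(Theme Name|Version):[ \t]*(.+?)[ \t]*$", re.I | re.M)
SAMPLE = "/*\nTheme Name: Shapely\nVersion: 1.2.7\n*/\n"  # constructed style.css header

def vtuple(v):
    """Leading dotted-numeric part as a 4-tuple; unparseable sorts lowest (flagged)."""
    m = re.match(r"\d+(?:\.\d+)*", v.strip())
    parts = [int(p) for p in m.group().split(".")] if m else []
    return tuple((parts + [0, 0, 0, 0])[:4])

def parse_headers(css):
    """Read Theme Name and Version from the first 8 KB of a style.css."""
    return {k.lower(): v.strip() for k, v in HEADER.findall(css[:8192])}

def is_vulnerable(name, version):
    """True if a listed theme's version falls inside the article's range."""
    op, limit = RULES.get(name.strip().lower(), (None, None))
    if op is None:
        return False
    have, bound = vtuple(version), vtuple(limit)
    return have < bound if op == "<" else have <= bound

def scan(themes_dir):
    """Return (directory, theme name, version) for each installed theme in range."""
    findings = []
    for css in sorted(Path(themes_dir).glob("*/style.css")):
        h = parse_headers(css.read_text(encoding="utf-8", errors="replace"))
        name, ver = h.get("theme name", ""), h.get("version", "")
        if is_vulnerable(name, ver):
            findings.append((css.parent.name, name, ver))
    return findings

if __name__ == "__main__":
    for d, n, v in scan(sys.argv[1] if len(sys.argv) > 1 else "wp-content/themes"):
        print(f"In vulnerable range: {n} {v} (directory {d})")
```

Inactive themes are reported too, since the scan covers every theme directory on disk rather than only the active theme.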