By exploiting weaknesses in four plug-ins and 15 Epsilon framework themes, as many as 1.6 million WordPress sites have become the target of large-scale attacks from 16,000 IP addresses.
WordPress security company Wordfence, which Disclosure The details of the attack stated on Thursday that it has detected and blocked more than 13.7 million attacks on plugins and themes in 36 hours, with the purpose of taking over the website and performing malicious actions.
The problematic plugins are Kiwi Social Share (<= 2.0.10), WordPress Automatic (<= 3.53.2), Pinterest Automatic (<= 4.14.3) and PublishPress Capabilities (<= 2.3), some of which have been patched and dated It goes back to November 2018. The affected Epsilon framework themes and their corresponding versions are as follows-
- Activello (<=1.4.1)
- Wealthy (<1.1.0)
- Loyalty (<=1.2.5)
- Antreas (<=1.0.6)
- Crazy (<=1.0.5)
- Brightness (<=1.2.9)
- Ildy (<= 2.1.6)
- MedZone Lite Edition (<=1.2.5)
- NatureMag Lite (no known patch available)
- News Magazine (<=2.4.1)
- Newspaper X (<=1.3.1)
- Pixova Lite (<=2.0.6)
- Regina Lite (<=2.0.5)
- Well-proportioned (<=1.2.8)
- Beyond (<=1.1.9)
Most attacks observed by Wordfence involve adversaries renew The “users_can_register” (that is, anyone can register) option is enabled and the “default_role” setting (that is, the default role of users registered on the blog) is set to administrator, allowing attackers to register as Privileged users and seize control.
More importantly, intrusions are said to have surged only after December 8, which indicates that “vulnerabilities in the recently patched PublishPress feature may have caused attackers to update vulnerabilities with various arbitrary options as part of a large-scale attack.” Chloe Chamberland of Wordfence Say.
In view of active exploitation, it is recommended that WordPress site owners running any of the above plugins or themes apply the latest fixes to mitigate the threat.
