As quite a few as 1.6 million WordPress web pages have been targeted by an energetic significant-scale attack marketing campaign originating from 16,000 IP addresses by exploiting weaknesses in four plugins and 15 Epsilon Framework themes.
WordPress security firm Wordfence, which disclosed particulars of the attacks, reported Thursday it had detected and blocked far more than 13.7 million attacks aimed at the plugins and themes in a period of time of 36 several hours with the purpose of getting around the websites and carrying out malicious steps.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
The plugins in question are Kiwi Social Share (<= 2.0.10), WordPress Automatic (<= 3.53.2), Pinterest Automatic (<= 4.14.3), and PublishPress Capabilities (<= 2.3), some of which have been patched dating all the way back to November 2018. The impacted Epsilon Framework themes and their corresponding versions are as follow —
- Activello (<=1.4.1)
- Affluent (<1.1.0)
- Allegiant (<=1.2.5)
- Antreas (<=1.0.6)
- Bonkers (<=1.0.5)
- Brilliance (<=1.2.9)
- Illdy (<=2.1.6)
- MedZone Lite (<=1.2.5)
- NatureMag Lite (no known patch available)
- NewsMag (<=2.4.1)
- Newspaper X (<=1.3.1)
- Pixova Lite (<=2.0.6)
- Regina Lite (<=2.0.5)
- Shapely (<=1.2.8)
- Transcend (<=1.1.9)
Most of the attacks noticed by Wordfence involve the adversary updating the “consumers_can_sign up” (i.e., everyone can sign up) option to enabled and placing the “default_role” environment (i.e., the default position of customers who sign-up at the web site) to administrator, thereby making it possible for an adversary to register on the susceptible web pages as an administrator and seize regulate.
What is actually more, the intrusions are mentioned to have spiked only immediately after December 8, indicating that “the recently patched vulnerability in PublishPress Capabilities may perhaps have sparked attackers to focus on several Arbitrary Solutions Update vulnerabilities as aspect of a large campaign,” Wordfence’s Chloe Chamberland said.
In light of energetic exploitation, WordPress web site homeowners running any of the aforementioned plugins or themes are recommended to utilize the latest fixes to mitigate the menace.
Observed this write-up exciting? Observe THN on Fb, Twitter and LinkedIn to browse more exceptional content material we post.
Some pieces of this report are sourced from:
thehackernews.com