Wordfence has discovered a massive attack on WordPress sites. Attackers are actively looking for sites that use themes built on the Epsilon Framework, which can be vulnerable to a number of function injection issues that can ultimately lead to a complete compromise of the site.
According to the company, unknown hackers have already launched about 7,500,000 attacks on more than 1,500,000 sites in an effort to find potentially vulnerable resources. These attacks are reported to originate from 18,000 different IP addresses.
Although vulnerabilities in themes that use the Epsilon Framework can lead to a complete site takeover, with exploit chains ending in remote code execution (RCE), the current attacks are only probing for vulnerable sites.
Many WordPress themes using the Epsilon Framework are vulnerable to these attacks. The researchers provide the following list of themes and versions:
- Shapely (1.2.7);
- NewsMag (2.4.1);
- Activello (1.4.0);
- Illdy (2.1.4);
- Allegiant (1.2.2);
- Newspaper X (1.3.1);
- Pixova Lite (2.0.5);
- Brilliance (1.2.7);
- MedZone Lite (1.2.4);
- Regina Lite (2.0.4);
- Transcend (1.1.8);
- Affluent (1.1.0);
- Bonkers (1.0.4);
- Antreas (1.0.2);
- NatureMag Lite (1.0.5).
Owners and administrators of sites running vulnerable versions of the listed themes are advised to update them to a fixed version immediately, if one is available. If there is no patch, users should switch to a different theme as soon as possible.
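To find affected installs, an administrator can compare each installed theme's `style.css` header against the list above. The script below is an added example, not code from Wordfence or the theme authors. It assumes the listed version is the last vulnerable release, so anything at or below it is flagged, and that themes live in the standard `wp-content/themes` layout; the status labels and the sample header are constructed.

```python
import re
import sys
from pathlib import Path

# Theme names and versions exactly as listed in the article.
# Assumption: each version is the last vulnerable release of that theme.
LISTED = {
    "Shapely": "1.2.7", "NewsMag": "2.4.1", "Activello": "1.4.0",
    "Illdy": "2.1.4", "Allegiant": "1.2.2", "Newspaper X": "1.3.1",
    "Pixova Lite": "2.0.5", "Brilliance": "1.2.7", "MedZone Lite": "1.2.4",
    "Regina Lite": "2.0.4", "Transcend": "1.1.8", "Affluent": "1.1.0",
    "Bonkers": "1.0.4", "Antreas": "1.0.2", "NatureMag Lite": "1.0.5",
}
LISTED_LC = {name.lower(): (name, ver) for name, ver in LISTED.items()}
# WordPress reads "Key: value" lines from the comment at the top of style.css.
HEADER = re.compile(r"^[ \t/*#@]*(Theme Name|Version):(.*)$", re.I | re.M)
# Constructed sample header, for illustration only (not from a real site).
SAMPLE_CSS = "/*\nTheme Name: Shapely\nVersion: 1.2.7\n*/\n"

def vkey(version):
    """Numeric sort key: '1.2.10' -> (1, 2, 10); non-numeric parts are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def read_header(style_css):
    """Return (theme name, version) from the text of a style.css file."""
    fields = {}
    for key, value in HEADER.findall(style_css[:8192]):
        fields.setdefault(key.lower(), value.strip())
    return fields.get("theme name"), fields.get("version")

def audit_themes(themes_dir):
    """Yield (directory, theme, installed version, status) for listed themes."""
    for css in sorted(Path(themes_dir).glob("*/style.css")):
        name, version = read_header(css.read_text(errors="replace"))
        if not name or name.lower() not in LISTED_LC:
            continue  # not one of the themes named in the article
        listed_name, listed_ver = LISTED_LC[name.lower()]
        if not version:
            status = "UNKNOWN VERSION"
        elif vkey(version) <= vkey(listed_ver):
            status = "UPDATE OR REPLACE"
        else:
            status = "newer than listed"
        yield css.parent.name, listed_name, version, status

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for row in audit_themes(sys.argv[1]):
            print(*row, sep="\t")
    else:
        print(read_header(SAMPLE_CSS))
```

Run it with the path to a site's `wp-content/themes` directory. Inactive themes are reported too, since their files remain on disk.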
Let me remind you that not long ago specialists at Defiant, the company that develops Wordfence, warned that vulnerabilities in the Ultimate Member WordPress plugin put 100,000 sites at risk.