Unknown attackers target WordPress sites that use the Epsilon Framework

Written by Emma Davis

Wordfence has discovered a massive attack campaign against WordPress sites. Attackers are actively probing for sites that use themes built on the Epsilon Framework, which can be vulnerable to a number of function injection flaws that can ultimately lead to a complete compromise of the site.

According to the company, unknown hackers have already launched about 7,500,000 attacks on more than 1,500,000 sites in an effort to find potentially vulnerable resources. These attacks are reported to originate from 18,000 different IP addresses.

Although vulnerabilities in themes that use the Epsilon Framework can lead to a complete site takeover, with exploit chains ending in remote code execution (RCE), the current attacks are only probing for vulnerable sites.

"We are currently not providing further details on these attacks, as the exploit used by the hackers is still in development and due to the use of a large number of IP addresses. These attacks use POST requests to admin-ajax.php and do not leave separate entries in the logs, although they are visible in Wordfence Live Traffic," write the Wordfence engineers.

Many WordPress themes using the Epsilon Framework are vulnerable to these attacks. The researchers provide the following list of themes and versions:

  • Shapely (1.2.7);
  • NewsMag (2.4.1);
  • Activello (1.4.0);
  • Illdy (2.1.4);
  • Allegiant (1.2.2);
  • Newspaper X (1.3.1);
  • Pixova Lite (2.0.5);
  • Brilliance (1.2.7);
  • MedZone Lite (1.2.4);
  • Regina Lite (2.0.4);
  • Transcend (1.1.8);
  • Affluent (1.1.0);
  • Bonkers (1.0.4);
  • Antreas (1.0.2);
  • NatureMag Lite (1.0.5).

Owners and administrators of sites running vulnerable versions of the listed themes are advised to update them immediately to a fixed version, if one is available. If there is no patch, users should switch to a different theme as soon as possible.
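To find out whether a site ships one of the listed themes, the installed themes can be audited from their `style.css` headers. The script below is an added example, not code from Wordfence or from this article; it assumes the standard WordPress `Theme Name:` and `Version:` header fields and treats the listed version and anything older as affected.

```python
import re
import tempfile
from pathlib import Path

# Themes and versions as listed in the article; names are matched case-insensitively.
LISTED = {
    "shapely": "1.2.7", "newsmag": "2.4.1", "activello": "1.4.0",
    "illdy": "2.1.4", "allegiant": "1.2.2", "newspaper x": "1.3.1",
    "pixova lite": "2.0.5", "brilliance": "1.2.7", "medzone lite": "1.2.4",
    "regina lite": "2.0.4", "transcend": "1.1.8", "affluent": "1.1.0",
    "bonkers": "1.0.4", "antreas": "1.0.2", "naturemag lite": "1.0.5",
}
HEADER = re.compile(r"^[\s*#@/]*(Theme Name|Version)\s*:\s*(.+?)\s*$", re.I | re.M)

def vtuple(version):
    """Turn '1.2.7' into (1, 2, 7) so versions compare numerically."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def audit_themes(themes_dir):
    """Return (directory, name, version, status) for every listed theme found."""
    findings = []
    for css in sorted(Path(themes_dir).glob("*/style.css")):
        text = css.read_text(encoding="utf-8", errors="replace")[:8192]
        hdr = {k.lower(): v for k, v in reversed(HEADER.findall(text))}  # first value wins
        name, version = hdr.get("theme name", ""), hdr.get("version", "")
        listed = LISTED.get(name.lower())
        if listed is None:
            continue
        # Assumption: listed version or older is affected; unknown version counts too.
        if not version or vtuple(version) <= vtuple(listed):
            status = "update or replace"
        else:
            status = "newer than listed version"
        findings.append((css.parent.name, name, version, status))
    return findings

def demo():
    """Audit three constructed theme directories created in a temp folder."""
    samples = {"shapely": ("Shapely", "1.2.5"), "illdy": ("Illdy", "2.1.9"),
               "twentytwenty": ("Twenty Twenty", "1.5")}
    with tempfile.TemporaryDirectory() as tmp:
        for slug, (name, ver) in samples.items():
            (Path(tmp) / slug).mkdir()
            (Path(tmp) / slug / "style.css").write_text(
                f"/*\nTheme Name: {name}\nVersion: {ver}\n*/\n")
        return audit_themes(tmp)

if __name__ == "__main__":
    for row in demo():
        print(" | ".join(row))
```

On a real site, call `audit_themes()` with the path to `wp-content/themes`; inactive themes are reported too, since they remain on disk until removed.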

Let me remind you that not so long ago specialists at Defiant, the company that develops Wordfence, warned that vulnerabilities in the Ultimate Member WordPress plugin put 100,000 sites at risk.
