Now Reading
Hacked millions of WordPress pages!

Hacked millions of WordPress pages!

Hackers scan Epsilon Framework-themed WordPress sites installed on more than 150.000 sites and are vulnerable to Function Injection attacks that could lead to full access to the sites.

Screenshot 2020 11 18 Hackers are actively probing millions of WordPress sites - Hacked millions of WordPress pages!

"To date, we have seen an increase of more than 7,5 million attacks against more than 1,5 million websites targeting these vulnerabilities coming from more than 18.000 IP addresses," said Wordfence QA engineer and threat analyst Ram Gall.

Scan for vulnerable sites

The ongoing wave of attacks on vulnerable WordPress sites targets recently fixed vulnerabilities.

While security vulnerabilities identified in recent months in issues using the Epsilon Framework could allow sites to be accessed through a remote code execution (RCE) exploit chain, most of these ongoing attacks are designed to detect only vulnerabilities.

"We are not providing further details about the attacks at this time, as exploit does not appear to be in a mature state and a large number of IP addresses are being used," Gall added.

"These attacks use POST requests on admin-ajax.php and therefore do not leave separate log entries, although they will be visible in Wordfence Live Traffic."

Vulnerable theme editions

These targeted theme versions of Epsilon Framework are known to be vulnerable to these attacks:

Owners and webmasters running vulnerable versions of these themes are advised to notify an update immediately if available.

If no update is available at this time, they should move on to another topic as soon as possible to rule out attacks.

In May, another mass attack campaign targeted some 900.000 WordPress sites in one week, trying to "plant" backdoors or redirect visitors to malicious advertising sites.

One month later, another series of attacks attempted to collect credentials from databases of about 1,3 million pages with WordPress by downloading configuration files.

Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News

View Comments (0)

Leave a Reply

Your email address Will not be published.


iGuRu.gr © 2012 - 2021 Keep it Simple Stupid Custom Theme

Scroll To Top