Hackers are scanning for WordPress sites running Epsilon Framework themes, which are installed on more than 150,000 sites and are vulnerable to Function Injection attacks that could lead to full access to the sites.
"To date, we have seen an increase of more than 7.5 million attacks against more than 1.5 million websites targeting these vulnerabilities coming from more than 18,000 IP addresses," said Wordfence QA engineer and threat analyst Ram Gall.
Scan for vulnerable sites
The ongoing wave of attacks on vulnerable WordPress sites targets recently fixed vulnerabilities.
While the security flaws found in recent months in themes using the Epsilon Framework could allow websites to be taken over through an exploit chain that results in remote code execution (RCE), most of these ongoing attacks are designed only to probe whether a site is vulnerable.
"We are not providing additional details about the attacks at this time, as the exploit doesn't seem to be in a mature state yet, and a large number of IP addresses are being used," Gall added.
"These attacks use POST requests on admin-ajax.php and therefore do not leave separate log entries, although they will be visible in Wordfence Live Traffic."
Vulnerable theme versions
Vulnerable versions of the following Epsilon Framework themes are being targeted by these attacks:
- Shapely
- NewsMag
- Activello
- Illdy
- Allegiant
- Newspaper
- Pixova Lite
- Brilliance
- MedZone Lite
- Regina Lite
- Transcend
- Affluent
- Bonkers
- Antreas
- NatureMag Lite
Owners and webmasters running vulnerable versions of these themes are advised to install an update immediately if one is available.
If no update is available at this time, they should switch to another theme as soon as possible to block the attacks.
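One way to act on this advice is to inventory a site's themes directory against the names listed above. The script below is an added example, not code from Wordfence or the original article; the default path `wp-content/themes` and the normalised name matching are assumptions, and because the article gives no affected version numbers it only reports the installed version for comparison with the vendor's fixed release.

```python
"""Inventory installed WordPress themes against the article's list (added example)."""
import re
import sys
from pathlib import Path

# Theme names as listed in the article (matched case-insensitively). The article
# gives no affected version ranges, so each hit needs a manual version check.
LISTED = ["Shapely", "NewsMag", "Activello", "Illdy", "Allegiant", "Newspaper",
          "Pixova Lite", "Brilliance", "MedZone Lite", "Regina Lite",
          "Transcend", "Affluent", "Bonkers", "Antreas", "NatureMag Lite"]

def norm(name):
    """Lowercase and drop punctuation so 'Pixova Lite' equals 'pixova-lite'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

LISTED_KEYS = {norm(n): n for n in LISTED}

def header(css, field):
    """Read one style.css header field the way WordPress does (first 8 KiB)."""
    m = re.search(r"^[ \t/*#@]*" + re.escape(field) + r":(.*)$",
                  css[:8192], re.I | re.M)
    return m.group(1).strip() if m else ""

def find_listed_themes(themes_dir):
    """Return (directory, listed name, version, matched-via) for each hit."""
    hits = []
    for style in sorted(Path(themes_dir).glob("*/style.css")):
        css = style.read_text(encoding="utf-8", errors="replace")
        # A child theme runs its parent's code, so check Template as well.
        candidates = [("name", header(css, "Theme Name")),
                      ("directory", style.parent.name),
                      ("parent", header(css, "Template"))]
        for via, value in candidates:
            listed = LISTED_KEYS.get(norm(value))
            if listed:
                hits.append((style.parent.name, listed,
                             header(css, "Version") or "unknown", via))
                break
    return hits

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content/themes"
    for directory, listed, version, via in find_listed_themes(root):
        print(f"{directory}: matches '{listed}' via {via}, version {version}")
```

Inactive themes are reported too, since their files remain on disk until the theme is deleted.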
In May, another mass attack campaign targeted some 900,000 WordPress sites in one week, trying to "plant" backdoors or redirect visitors to malicious advertising sites.
A month later, another series of attacks attempted to harvest credentials from the databases of approximately 1.3 million WordPress sites by downloading configuration files.