Wordfence warns of a massive attack wave targeting 1.6 million WordPress sites. The attacks originate from 16,000 IP addresses and target four WordPress plugins and fifteen Epsilon Framework themes.
The attacks target the plugins Kiwi Social Share (version 2.0.10 or below), WordPress Automatic (version 3.53.2 or below), Pinterest Automatic (version 4.14.3 or below) and PublishPress Capabilities (version 2.3 or below), some of which received patches back in November 2018.
As for the Epsilon Framework themes, the affected versions are:
- Shapely – version 1.2.8 and below;
- NewsMag – version 2.4.1 and below;
- Activello – version 1.4.1 and below;
- Illdy – version 2.1.6 and below;
- Allegiant – version 1.2.5 and below;
- Newspaper X – version 1.3.1 and below;
- Pixova Lite – version 2.0.6 and below;
- Brilliance – version 1.2.9 and below;
- MedZone Lite – version 1.2.5 and below;
- Regina Lite – version 2.0.5 and below;
- Transcend – version 1.1.9 and below;
- Affluent – version 1.1.0 and below;
- Bonkers – version 1.0.5 and below;
- Antreas – version 1.0.6 and below;
- NatureMag Lite – no patch is available; removing the theme is recommended.
“In most cases, attackers update the users_can_register setting to be enabled and set the default_role setting to administrator,” the experts explain. “This gives attackers the ability to register on any site as an administrator, effectively taking control of the resource.”
WordPress site owners using any of the above plugins and themes are advised to apply the latest patches and remove NatureMag Lite immediately.
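The following audit script is an added example, not Wordfence code. It encodes the affected version ceilings listed above, compares an installed plugin/theme inventory against them with proper numeric version comparison (so that 2.0.10 is correctly treated as newer than 2.0.9), and checks the two `wp_options` values the warning says attackers flip. The inventory is keyed by the component display names used in this article (real plugin slugs are not given here and are left to the reader), and the sample inventory and option values are constructed for illustration.

```python
"""Audit installed WordPress components and registration settings against the
Wordfence warning. Added example, not Wordfence's or WordPress's own code.
Component names match the article; sample data below is constructed."""
from typing import Dict, List, Optional, Tuple

# Highest affected version per plugin, as listed in the warning.
# An installed version at or below this ceiling is considered vulnerable.
AFFECTED_PLUGINS: Dict[str, str] = {
    "Kiwi Social Share": "2.0.10",
    "WordPress Automatic": "3.53.2",
    "Pinterest Automatic": "4.14.3",
    "PublishPress Capabilities": "2.3",
}

# Highest affected version per Epsilon Framework theme; None means no patch
# exists and the theme should be removed regardless of version.
AFFECTED_THEMES: Dict[str, Optional[str]] = {
    "Shapely": "1.2.8", "NewsMag": "2.4.1", "Activello": "1.4.1",
    "Illdy": "2.1.6", "Allegiant": "1.2.5", "Newspaper X": "1.3.1",
    "Pixova Lite": "2.0.6", "Brilliance": "1.2.9", "MedZone Lite": "1.2.5",
    "Regina Lite": "2.0.5", "Transcend": "1.1.9", "Affluent": "1.1.0",
    "Bonkers": "1.0.5", "Antreas": "1.0.6", "NatureMag Lite": None,
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.0.10' into (2, 0, 10) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in v.strip().split("."))


def is_at_or_below(installed: str, ceiling: str) -> bool:
    """True when installed <= ceiling; shorter tuples are zero-padded so
    '2.3' compares equal to '2.3.0' rather than lower."""
    a, b = parse_version(installed), parse_version(ceiling)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a <= b


def vulnerable_components(inventory: Dict[str, str]) -> List[str]:
    """Return one finding per installed component that is still affected."""
    findings: List[str] = []
    for name, version in inventory.items():
        if name in AFFECTED_PLUGINS:
            ceiling = AFFECTED_PLUGINS[name]
            if is_at_or_below(version, ceiling):
                findings.append(f"plugin {name} {version}: affected (<= {ceiling}), update it")
        elif name in AFFECTED_THEMES:
            ceiling = AFFECTED_THEMES[name]
            if ceiling is None:
                findings.append(f"theme {name} {version}: no patch available, remove it")
            elif is_at_or_below(version, ceiling):
                findings.append(f"theme {name} {version}: affected (<= {ceiling}), update it")
    return findings


def registration_tampered(options: Dict[str, object]) -> bool:
    """Flag the exact combination the warning describes: open registration
    with 'administrator' as the default role. Values are normalised to str
    because wp_options stores '1'/'0' while other exporters may give ints."""
    can_register = str(options.get("users_can_register", "0")) == "1"
    default_role = str(options.get("default_role", "subscriber"))
    return can_register and default_role == "administrator"


# Constructed sample data standing in for a real site's inventory and options.
SAMPLE_INVENTORY: Dict[str, str] = {
    "Kiwi Social Share": "2.0.10",        # at the ceiling: still affected
    "WordPress Automatic": "3.53.3",      # one above the ceiling: patched
    "PublishPress Capabilities": "2.3.1", # above 2.3 (== 2.3.0): patched
    "Shapely": "1.2.9",                   # patched
    "NatureMag Lite": "1.0.0",            # no patch exists: remove
}
SAMPLE_OPTIONS: Dict[str, object] = {"users_can_register": "1", "default_role": "administrator"}

if __name__ == "__main__":
    for finding in vulnerable_components(SAMPLE_INVENTORY):
        print(finding)
    if registration_tampered(SAMPLE_OPTIONS):
        print("registration settings match the attacker pattern: "
              "set users_can_register to 0 and default_role to subscriber, "
              "then review recently created administrator accounts")
```

On a live site the two option values can be read with `wp option get users_can_register` and `wp option get default_role`, and reset with `wp option update default_role subscriber` and `wp option update users_can_register 0`; an unexpected administrator account created around the time the options changed is the indicator worth hunting for afterwards.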