Home Cyber Attacks 1.6 Million WordPress Sites Under Cyberattack From Over 16,000 IP Addresses

1.6 Million WordPress Sites Under Cyberattack From Over 16,000 IP Addresses

WordPress

As many as 1.6 million WordPress sites have been targeted by an active large-scale attack campaign originating from 16,000 IP addresses by exploiting weaknesses in four plugins and 15 Epsilon Framework themes.

WordPress security company Wordfence, which disclosed details of the attacks, said Thursday it had detected and blocked more than 13.7 million attacks aimed at the plugins and themes in a period of 36 hours with the goal of taking over the websites and carrying out malicious actions.

Automatic GitHub Backups

The plugins in question are Kiwi Social Share (

  • Activello (
  • Affluent (
  • Allegiant (
  • Antreas (
  • Bonkers (
  • Brilliance (
  • Illdy (
  • MedZone Lite (
  • NatureMag Lite (no known patch available)
  • NewsMag (
  • Newspaper X (
  • Pixova Lite (
  • Regina Lite (
  • Shapely (
  • Transcend (

Most of the attacks observed by Wordfence involve the adversary updating the “users_can_register” (i.e., anyone can register) option to enabled and setting the “default_role” setting (i.e., the default role of users who register at the blog) to administrator, thereby allowing an adversary to register on the vulnerable sites as a privileged user and seize control.

What’s more, the intrusions are said to have spiked only after December 8, indicating that “the recently patched vulnerability in PublishPress Capabilities may have sparked attackers to target various Arbitrary Options Update vulnerabilities as part of a massive campaign,” Wordfence’s Chloe Chamberland said.

In light of active exploitation, WordPress site owners running any of the aforementioned plugins or themes are recommended to apply the latest fixes to mitigate the threat.



Source link

Related Articles

Leave a Comment

deneme bonusu veren sitelerbahis casinomakrobetceltabetholiganbetpinbahispolobetgizabetaresbetlordbahisladesbetbetofbettrbet