WordPress sites are under active attack from more than 16,000 IP addressespublished: 19:52:53 15/12/2021
WordPress once again in the crosshairs 1.6 Million WordPress sites are
under active attack from more than 16,000 IP addresses in a protracted attempt to exploit
multiple known weaknesses in 4 plugins and 15 themes of the Epsilon Framework. WordFence,
the company that specializes in offering add-on WordPress security, said last Thursday that it
had detected and blocked more than 13.7 million attacks aimed at the 4 plugins and 15 themes
over a period of just a day and a half. And that the attacks had the goal of taking over the
websites and carrying out malicious actions.
The four plugins in question are:
● Kiwi Social Share (<= 2.0.10),
● WordPress Automatic (<= 3.53.2)
● Pinterest Automatic (<= 4.14.3), and
● PublishPress Capabilities (<= 2.3)
The 15 vulnerable Epsilon Framework themes . They are:
● Activello (<=1.4.1)
● Affluent (<1.1.0)
● Allegiant (<=1.2.5)
● Antreas (<=1.0.6)
● Bonkers (<=1.0.5)
● Brilliance (<=1.2.9)
● Illdy (<=2.1.6)
● MedZone Lite (<=1.2.5)
● NatureMag Lite (no known patch available)
● NewsMag (<=2.4.1)
● Newspaper X (<=1.3.1)
● Pixova Lite (<=2.0.6)
● Regina Lite (<=2.0.5)
● Shapely (<=1.2.8)
● Transcend (<=1.1.9)
Given that unspoofable TCP connections are required to carry out these attacks, it's clear that a
16,000+ element Botnet has been engaged for this purpose.
The attacks observed by Wordfence involve the adversary updating the "users_can_register"
option to allow anyone to register and setting the "default_role" to administrator. These two
changes allow any successful adversary to register on the vulnerable site and automatically be
assigned administrative privileges, after which they’re in control.
What I want to know, is how it could possibly be that WordPress even offers the option —
anywhere — for "default role" to be set to "administrator" ?!?! — how is that possibly useful?
Module Web Design would highly reccomend updating all your plugins, themes and core wordpress also remove any unused plugins, themes from your website
Module Web Design will be happy to help you provide updates and maintaince feel free to contact us
for more information