A Wordfence report points to the detection of a wave of attacks against at least 1.6 million WordPress websites. According to the report, hackers are using some 16,000 malicious IP addresses to exploit flaws in four plugins and 15 themes for Epsilon Framework websites.
Some of the compromised plugins and themes received updates over the past week, though there’s still one implementation that remains compromised. Below is the list of plugins and themes compromised during this campaign:
Plugins:
- PublishPress Capabilities
- Kiwi Social Plugin
- Pinterest Automatic
- WordPress Automatic
Themes:
- Shapely
- NewsMag
- Activello
- Illdy
- Allegiant
- Newspaper X
- Pixova Lite
- Brilliance
- MedZone Lite
- Regina Lite
- Transcend
- Affluent
- Bonkers
- Antreas
- NatureMag Lite
Among these tools, NatureMag Lite has no patches available. According to the report, most attacks are related to the users_can_register option, exploited by threat actors to configure the option default_role as an administrator user. In this way, threat actors can register on any website as an administrator and take full control of the affected platforms.
To check the integrity of a potentially affected website, administrators can review all user accounts and look for any recently registered unauthorized additions. Subsequently, review the website settings in http://examplesite.com/wp-admin/options-general.php in order to verify the Membership section.
The best way to prevent this attack is to keep plugins, themes, and other WordPress tools always up to date to the latest version available. For users of NatureMag, which has not received updates, the researchers recommend disabling the compromised theme, at least until the developers of the theme release the required updates.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.