Security researchers recently detected a large-scale malicious campaign targeting themes that utilize the Epsilon Framework. Threat actors took advantage of Function Injection vulnerabilities in a number of WordPress themes.
Epsilon Framework vulnerabilities in WordPress themes put millions of sites at risk
According to Wordfence researchers, the themes are installed on more than 150 thousand websites. However, their estimate reveals hackers have launched more than 7.5 million attacks against at least 1.5 million sites. Why are the numbers so big? “While we occasionally see attacks targeting a large number of sites, most of them target older vulnerabilities,” Wordfence says.
The attacks target security flaws that were patched over the past several months. The researchers have provided a list of the vulnerable themes and versions currently being targeted:
Shapely <=1.2.7
NewsMag <=2.4.1
Activello <=1.4.0
Illdy <=2.1.4
Allegiant <=1.2.2
Newspaper X <=1.3.1
Pixova Lite <=2.0.5
Brilliance <=1.2.7
MedZone Lite <=1.2.4
Regina Lite <=2.0.4
Transcend <=1.1.8
Affluent <1.1.0
Bonkers <=1.0.4
Antreas <=1.0.2
NatureMag Lite <=1.0.5
Security researchers believe that most of the attacks are probing, attempting to determine whether a site runs a vulnerable theme. However, website owners should be warned that remote code execution exploits are possible with these specific flaws. “These attacks use POST requests to admin-ajax.php and as such do not leave distinct log entries, though they will be visible in Wordfence Live Traffic,” the Wordfence team adds.
How to protect your website
If your site is using one of the themes mentioned above, it is highly recommended to update it. However, if a patched version is not yet available, you can temporarily use another theme or a firewall to block any attack attempts. Note that you should download a backup copy of the current theme if you have customized it.
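To find out whether an installed theme falls in one of the affected ranges listed above, the following added example (not code from Wordfence or the theme authors) reads each theme's style.css header and compares its version against that list. It assumes the "Theme Name" header matches the names as written in this article and that themes live under wp-content/themes.

```python
import re
import sys
from pathlib import Path

# Affected versions as listed in this article, keyed by lower-cased theme name.
# Assumption: the style.css "Theme Name" header matches these names.
VULNERABLE = {
    "shapely": ("<=", "1.2.7"), "newsmag": ("<=", "2.4.1"),
    "activello": ("<=", "1.4.0"), "illdy": ("<=", "2.1.4"),
    "allegiant": ("<=", "1.2.2"), "newspaper x": ("<=", "1.3.1"),
    "pixova lite": ("<=", "2.0.5"), "brilliance": ("<=", "1.2.7"),
    "medzone lite": ("<=", "1.2.4"), "regina lite": ("<=", "2.0.4"),
    "transcend": ("<=", "1.1.8"), "affluent": ("<", "1.1.0"),
    "bonkers": ("<=", "1.0.4"), "antreas": ("<=", "1.0.2"),
    "naturemag lite": ("<=", "1.0.5"),
}

def header(css_text, field):
    """Read one 'Field: value' line from a theme's style.css header comment."""
    m = re.search(rf"^[ \t/*#@]*{re.escape(field)}:[ \t]*(.+?)\s*$", css_text, re.I | re.M)
    return m.group(1) if m else None

def version_tuple(version, width=4):
    """Leading dotted number only ('1.2.7-rc2' -> 1.2.7), zero-padded to compare."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    parts = [int(p) for p in m.group(1).split(".")][:width] if m else []
    return tuple(parts + [0] * (width - len(parts)))

def is_vulnerable(theme_name, version):
    rule = VULNERABLE.get(theme_name.strip().lower())
    if rule is None:
        return False
    op, limit = rule
    have, bound = version_tuple(version), version_tuple(limit)
    return have <= bound if op == "<=" else have < bound

def scan(themes_dir):
    """Return (directory, theme name, version) for each affected installed theme."""
    findings = []
    for css in sorted(Path(themes_dir).glob("*/style.css")):
        text = css.read_text(encoding="utf-8", errors="replace")[:8192]
        name, version = header(text, "Theme Name"), header(text, "Version")
        if name and version and is_vulnerable(name, version):
            findings.append((css.parent.name, name, version))
    return findings

if __name__ == "__main__":
    # Assumed default path; pass your own wp-content/themes directory as argv[1].
    for slug, name, version in scan(sys.argv[1] if len(sys.argv) > 1 else "wp-content/themes"):
        print(f"UPDATE NEEDED: {name} {version} (directory: {slug})")
```

Inactive themes are reported as well; remove or update them too, since their files remain on disk after you switch to another theme.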
You can also check if your installed plugins, widgets, and other apps are running on their latest versions. All these elements can be vulnerable to cyberattacks, as evidenced by the increasing reports we see almost daily. So, check all active site apps for vulnerable code, just to be sure your site is safe. You can read more web security tips in HowToHosting.Guide’s dedicated article.