WordPress sites have been under attack for 36 hours from 16,000 IP addresses. Threat intelligence analysts from Wordfence have reported an ongoing assault against 1.6 million WordPress sites. The traffic originates from 16,000 IPs, and the threat actors appear to be targeting four WordPress plugins and fifteen Epsilon Framework themes, one of which has no patch available at present.
Some of the plugins have had patches available since 2018, while patches for others were released only recently. Wordfence has blocked over 13.7 million attacks since it identified the campaign.
The attackers are abusing instances of Unauthenticated Arbitrary Options Update vulnerabilities. In most cases, they enable self-registration and set the default role for new accounts to ‘administrator’.
If an attacker self-registers as an administrator, they have essentially compromised the entire web application and all existing user accounts. They can add, update and delete user account details, install/uninstall and delete plugins and perform a variety of malicious actions.
Compromised WordPress sites are commonly used as staging sites for phishing campaigns.
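To check a site for the two option changes described above, the following added example (not taken from Wordfence or the original article) audits exported WordPress settings and user records. It assumes the data was exported as JSON with WP-CLI (`wp option list --format=json` and `wp user list --fields=user_login,user_registered,roles --format=json`); the sample records and the `audit_site` helper are constructed for illustration.

```python
import json
from datetime import datetime

# Constructed sample input (not from a real site). Assumed shape: JSON exported
# with WP-CLI, with `roles` as a comma-separated string.
SAMPLE_OPTIONS = json.loads("""[
  {"option_name": "users_can_register", "option_value": "1"},
  {"option_name": "default_role", "option_value": "administrator"},
  {"option_name": "blogname", "option_value": "Example Site"}
]""")
SAMPLE_USERS = json.loads("""[
  {"user_login": "site-owner", "user_registered": "2019-03-02 10:15:00", "roles": "administrator"},
  {"user_login": "editor1", "user_registered": "2021-12-09 08:00:00", "roles": "editor"},
  {"user_login": "wpnew8841", "user_registered": "2021-12-09 03:41:17", "roles": "administrator"}
]""")


def audit_site(options, users, baseline):
    """Return findings that match the option tampering described in the article.

    baseline: datetime of the last known-good state; administrator accounts
    registered after it need manual review.
    """
    opts = {o["option_name"]: str(o["option_value"]) for o in options}
    findings = []
    # WordPress stores the "Anyone can register" setting as "1" or "0".
    if opts.get("users_can_register") == "1":
        findings.append("self-registration is enabled (users_can_register=1)")
    # A stock install assigns new accounts the 'subscriber' role.
    role = opts.get("default_role", "subscriber")
    if role != "subscriber":
        findings.append(f"default_role is '{role}', not the default 'subscriber'")
    # Administrator accounts created after the baseline may be attacker-registered.
    for u in users:
        roles = [r.strip() for r in u.get("roles", "").split(",")]
        created = datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S")
        if "administrator" in roles and created > baseline:
            findings.append(f"administrator '{u['user_login']}' registered {created}")
    return findings


if __name__ == "__main__":
    for finding in audit_site(SAMPLE_OPTIONS, SAMPLE_USERS, datetime(2021, 12, 1)):
        print("REVIEW:", finding)
```

Sites that intentionally allow registration or use a different default role will see the first two findings as expected configuration; the administrator-account finding is the one to investigate in every case.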
The following plugins and versions are vulnerable:
The following themes in the Epsilon framework are vulnerable:
The following actions should be taken immediately:
Sources:
A. https://www.wordfence.com/blog/2021/12/massive-wordpress-attack-campaign/
B. https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
C. https://wordpress.org/support/article/hardening-wordpress/