Wordfence has discovered a massive attack on WordPress sites. Attackers are actively looking for sites that use themes built on the Epsilon Framework, which can be vulnerable to a number of function injection problems that can ultimately lead to a complete compromise of the site.
According to the company, unknown hackers have already launched about 7,500,000 attacks on more than 1,500,000 sites in an effort to find potentially vulnerable resources. These attacks are reported to originate from 18,000 different IP addresses.
While vulnerabilities in themes using the Epsilon Framework can lead to a complete takeover of a site, and chaining exploits results in remote code execution (RCE), the current attacks are only probing for vulnerable sites.
Many WordPress themes using the Epsilon Framework are vulnerable to these attacks. The researchers provide the following list of themes and versions:
Shapely (1.2.7);
NewsMag (2.4.1);
Activello (1.4.0);
Illdy (2.1.4);
Allegiant (1.2.2);
Newspaper X (1.3.1);
Pixova Lite (2.0.5);
Brilliance (1.2.7);
MedZone Lite (1.2.4);
Regina Lite (2.0.4);
Transcend (1.1.8);
Affluent (1.1.0);
Bonkers (1.0.4);
Antreas (1.0.2);
NatureMag Lite (1.0.5).
Owners and administrators of sites running vulnerable versions of the listed themes are advised to immediately update them to a fixed version, if available. If there is no patch, you should switch to a different theme as soon as possible.
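One way to act on this advice, as an added example that is not Wordfence's code or part of the original article: the script below reads the `style.css` header of every installed theme and compares it with the list above. It assumes each listed version is the highest affected release (the page gives only one version per theme) and that themes live under `wp-content/themes`; themes are matched on the `Theme Name` header, and the function names are illustrative.

```python
import re
import sys
from pathlib import Path

# Names/versions as listed on this page; assumption: each is the highest affected release.
LISTED = {
    "shapely": "1.2.7", "newsmag": "2.4.1", "activello": "1.4.0",
    "illdy": "2.1.4", "allegiant": "1.2.2", "newspaper x": "1.3.1",
    "pixova lite": "2.0.5", "brilliance": "1.2.7", "medzone lite": "1.2.4",
    "regina lite": "2.0.4", "transcend": "1.1.8", "affluent": "1.1.0",
    "bonkers": "1.0.4", "antreas": "1.0.2", "naturemag lite": "1.0.5",
}
HEADER = re.compile(r"^[ \t/*#@]*(Theme Name|Version):(.*)$", re.I | re.M)

def parse_header(css_text):
    """Return {'theme name': ..., 'version': ...} from a style.css header comment."""
    fields = {}
    for key, value in HEADER.findall(css_text[:8192]):  # WordPress reads the first 8 KB
        value = re.sub(r"\s*(?:\*/|\?>).*", "", value).strip()
        fields.setdefault(key.lower(), value)
    return fields

def version_key(version):
    """'1.2.10' -> (1, 2, 10), so comparison is numeric, not lexical."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def check(css_text):
    """Return (name, version, status) for a listed theme, None otherwise."""
    header = parse_header(css_text)
    name, version = header.get("theme name", ""), header.get("version", "")
    limit = LISTED.get(name.lower())
    if limit is None:
        return None
    if not version_key(version):
        return name, version, "REVIEW"  # no parsable version: inspect by hand
    affected = version_key(version) <= version_key(limit)
    return name, version, "AFFECTED" if affected else "NEWER"

def audit(themes_dir):
    """Check every */style.css under themes_dir; return rows for listed themes."""
    rows = []
    for css in sorted(Path(themes_dir).glob("*/style.css")):
        result = check(css.read_text(encoding="utf-8", errors="replace"))
        if result:
            rows.append((css.parent.name, *result))
    return rows

if __name__ == "__main__":
    for row in audit(sys.argv[1] if len(sys.argv) > 1 else "wp-content/themes"):
        print(*row, sep="\t")
```

Inactive themes are reported too, since their files remain on disk; a `NEWER` result still needs to be confirmed against the theme's changelog before it is treated as fixed.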