A large-scale attack campaign is targeting approximately 1.6 million WordPress websites. The attack originates from 16,000 distinct IP addresses and exploits vulnerabilities in four specific plugins and 15 Epsilon Framework themes. Wordfence, the security firm monitoring these threats, reported on the escalating attack pattern in a release published last week.

According to Wordfence, 13.7 million attempts to compromise these WordPress installations were detected and neutralized within just 36 hours. The adversary's objective appears to be the unauthorized takeover of these websites for malicious purposes. The scale of the operation means WordPress users should assess their security posture promptly.

The four affected plugins are Kiwi Social Share (version 2.0.10 or lower), WordPress Automatic (version 3.53.2 or lower), Pinterest Automatic (version 4.14.3 or lower), and PublishPress Capabilities (version 2.3 or lower). Some of these issues were documented as far back as November 2018, indicating long-standing security gaps. Additionally, the affected Epsilon Framework themes include various popular options, each with specific version thresholds.

The observed attack method works by changing site options rather than by uploading code. The perpetrators are reportedly setting the “users_can_register” option so that anyone can register on the site, and changing “default_role” to administrator. Together, these changes let adversaries register new accounts that are created with administrator privileges, giving them unauthorized control over compromised sites.
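As an added example (not from Wordfence or the original article), the following Python script checks one site against the plugin version thresholds listed above and the two option changes described in this paragraph. It assumes the installed plugin versions and the `wp_options` values have already been exported; the function names, the sample data, and the use of plugin display names as keys are constructed for illustration.

```python
import re

# Highest affected version per plugin, as listed in this article.
# Keys are the plugin names as the article gives them, not plugin slugs.
AFFECTED_MAX = {
    "Kiwi Social Share": "2.0.10",
    "WordPress Automatic": "3.53.2",
    "Pinterest Automatic": "4.14.3",
    "PublishPress Capabilities": "2.3",
}

def version_key(version, width=4):
    """Turn '2.0.10' into (2, 0, 10, 0) so versions compare numerically."""
    parts = [int(p) for p in re.findall(r"\d+", version)][:width]
    return tuple(parts + [0] * (width - len(parts)))

def audit_site(plugins, options):
    """Return a list of findings for one site.

    plugins: {plugin name: installed version}
    options: {option_name: option_value} as stored in wp_options
    """
    findings = []
    for name, installed in plugins.items():
        limit = AFFECTED_MAX.get(name)
        if limit and version_key(installed) <= version_key(limit):
            findings.append(f"update {name}: {installed} <= {limit}")
    open_reg = str(options.get("users_can_register", "0")).strip() == "1"
    role = str(options.get("default_role", "subscriber")).strip().lower()
    if role == "administrator":
        # Open registration alone is a normal setting on many sites;
        # an administrator default role is the indicator to act on.
        detail = "and registration is open" if open_reg else "registration closed"
        findings.append(f"default_role is administrator ({detail}): "
                        "reset it and review administrator accounts")
    return findings

# Constructed sample data for one hypothetical site.
SAMPLE_PLUGINS = {
    "Kiwi Social Share": "2.0.10",
    "PublishPress Capabilities": "2.3.1",
    "Pinterest Automatic": "4.14.2",
}
SAMPLE_OPTIONS = {"users_can_register": "1", "default_role": "administrator"}

if __name__ == "__main__":
    for finding in audit_site(SAMPLE_PLUGINS, SAMPLE_OPTIONS):
        print(finding)
```

A site that was patched after the options were changed still reports the `default_role` finding, which is why the option check is kept separate from the version check.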

Activity surged dramatically after December 8, suggesting a correlation with the recent patch addressing vulnerabilities in PublishPress Capabilities. This may have prompted attackers to further exploit Arbitrary Options Update vulnerabilities across various themes and plugins, as outlined by Chloe Chamberland from Wordfence.

In light of these developments, WordPress administrators running any of the affected plugins or themes should apply the latest security updates without delay to reduce the risk of compromise. The potential consequences of such intrusions highlight the need for vigilant cybersecurity practices among business owners managing WordPress sites.
