1.6 million WordPress sites hit with barrage of attacks over 36-hour period

Crooks seizing the day with widespread WordPress attacks


An active attack is currently targeting more than a million potentially vulnerable WordPress sites, security researchers have warned.

The attack was uncovered by WordFence’s threat intelligence team whilst it was investigating what seemed to be a “drastic uptick” in attacks targeting vulnerabilities that allow attackers to update arbitrary options on vulnerable sites.

When investigating the trend, the researchers found that over the past 36 hours, their tools blocked more than 13.7 million attacks targeting four WordPress plugins, as well as several Epsilon Framework themes. These attacks were coming from 16,000 different IP addresses. In total, more than 1.6 million sites were targeted.

Plugins attacked

The plugins Kiwi Social Share, WordPress Automatic, Pinterest Automatic and PublishPress Capabilities were all targeted through an Unauthenticated Arbitrary Options Update vulnerability, the researchers said.

The vulnerabilities in these plugins were recently patched (some in August 2021, others in November and December), leading the researchers to conclude that the recent patches may have prompted malicious actors into action. After all, there was “very little” activity from attackers targeting any of these vulnerabilities before December 8, apparently.

Furthermore, the crooks were also targeting a Function Injection vulnerability in various Epsilon Framework themes, again seeking to update arbitrary options.

Updating vulnerable versions

In most cases, the researchers explained, the attackers are updating the users_can_register option to enabled and setting the default_role option to administrator. That enables them to register an admin account on any of these sites and basically take it over.
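The two option changes described above are easy to audit for. The following is an added example, not code from WordFence or from the article: it assumes the site's options and user list were exported with WP-CLI (`wp option list --format=json` and `wp user list --format=json`) and uses constructed sample rows in place of a real export. It flags the two dangerous settings and lists administrator accounts registered after a cut-off date, since a newly registered administrator is the end result of the technique the researchers describe.

```python
import json
from datetime import datetime

# Constructed sample data, shaped like `wp option list --format=json` and
# `wp user list --format=json` output (assumption: these are the fields the
# JSON formatter emits; verify against your own WP-CLI version).
SAMPLE_OPTIONS_JSON = json.dumps([
    {"option_name": "users_can_register", "option_value": "1"},
    {"option_name": "default_role", "option_value": "administrator"},
    {"option_name": "blogname", "option_value": "Example site"},
])

SAMPLE_USERS_JSON = json.dumps([
    {"ID": 1, "user_login": "site_owner", "user_email": "owner@example.test",
     "user_registered": "2020-03-01 10:00:00", "roles": "administrator"},
    {"ID": 57, "user_login": "wpuser57", "user_email": "wpuser57@example.test",
     "user_registered": "2021-12-10 02:13:44", "roles": "administrator"},
    {"ID": 58, "user_login": "reader", "user_email": "reader@example.test",
     "user_registered": "2021-12-11 08:00:00", "roles": "subscriber"},
])


def load_options(json_text):
    """Turn the WP-CLI option list into a name -> value dict of strings."""
    return {row["option_name"]: str(row["option_value"])
            for row in json.loads(json_text)}


def audit_options(options):
    """Return (option, current, expected) for each option that deviates from
    the safe value: registration closed and new accounts get the lowest role.
    Missing options are treated as the WordPress defaults."""
    findings = []
    current_reg = options.get("users_can_register", "0")
    if current_reg != "0":
        findings.append(("users_can_register", current_reg, "0"))
    current_role = options.get("default_role", "subscriber")
    if current_role != "subscriber":
        findings.append(("default_role", current_role, "subscriber"))
    return findings


def suspicious_admins(users_json, since):
    """Logins of administrator accounts registered on or after `since`
    (a datetime or a 'YYYY-MM-DD' string). WP-CLI emits roles as a
    comma-separated string, so split before matching."""
    if isinstance(since, str):
        since = datetime.strptime(since, "%Y-%m-%d")
    hits = []
    for user in json.loads(users_json):
        roles = [r.strip() for r in str(user.get("roles", "")).split(",")]
        registered = datetime.strptime(user["user_registered"],
                                       "%Y-%m-%d %H:%M:%S")
        if "administrator" in roles and registered >= since:
            hits.append(user["user_login"])
    return hits


if __name__ == "__main__":
    opts = load_options(SAMPLE_OPTIONS_JSON)
    for name, current, expected in audit_options(opts):
        print(f"[!] {name} = {current!r}, expected {expected!r}")
    for login in suspicious_admins(SAMPLE_USERS_JSON, "2021-12-08"):
        print(f"[!] administrator registered after cut-off: {login}")
```

If the audit reports a finding, the settings can be reverted with `wp option update users_can_register 0` and `wp option update default_role subscriber`, and any unexpected administrator account reviewed and removed; that only undoes the symptom, though, and the vulnerable plugin or theme still has to be updated as WordFence advises.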

Those that use any of the abovementioned plugins are urged to update them to the latest versions, immediately. “Simply updating the plugins and themes will ensure that your site stays safe from compromise against any exploits targeting these vulnerabilities,” WordFence concluded.

Here is the list of the vulnerable plugin versions: PublishPress Capabilities 2.3, Kiwi Social Plugin 2.0.10, Pinterest Automatic 4.14.3, WordPress Automatic 3.53.2.

As for the Epsilon Framework themes, these are the vulnerable versions: Shapely 1.2.8, NewsMag 2.4.1, Activello 1.4.1, Illdy 2.1.6, Allegiant 1.2.5, Newspaper X 1.3.1, Pixova Lite 2.0.6, Brilliance 1.2.9, MedZone Lite 1.2.5, Regina Lite 2.0.5, Transcend 1.1.9, Affluent 1.1.0, Bonkers 1.0.5, Antreas 1.0.6. For NatureMag Lite, there’s still no word of a patch, which is why WordFence recommends users to completely uninstall it until the problem is resolved.

Easily automated vulnerabilities, such as this Unauthenticated Arbitrary Options Update, or susceptibility to DDoS attacks, are a godsend for malicious actors, which is why users are advised to try and automate website vulnerability scans as much as possible.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.