Hackers Attacked 1.6 Million WordPress Sites Via Four Different Vulnerable Plugins

In a recent wave of attacks, hackers targeted 1.6 million WordPress sites by exploiting vulnerabilities in four plugins and several themes, all of which already had patches available that the affected sites had not applied.

Huge Wave Of Attacks On WordPress Sites Via Vulnerable Plugins

Wordfence recently spotted a “drastic uptick in attacks” on WordPress websites. Investigating it led them to a large campaign running against sites with vulnerable plugins and themes.

As elaborated in their post, the attackers exploited four vulnerable plugins, along with several Epsilon Framework themes, to target 1.6 million websites over a period of 36 hours. Wordfence blocked 13.7 million such attempts during that window, originating from more than 16,000 IP addresses.

Specifically, the attackers abused Unauthenticated Arbitrary Options Update vulnerabilities in four plugins: Kiwi Social Share, WordPress Automatic, Pinterest Automatic, and PublishPress Capabilities. A bug of this class lets a request from a visitor who is not logged in write attacker-chosen values into the site's wp_options table, which holds core settings as well as plugin settings, so it is typically enough for a full site takeover. In the Epsilon Framework themes they targeted a Function Injection vulnerability.
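To show what an Unauthenticated Arbitrary Options Update bug looks like at the code level, here is an illustrative plugin fragment added for this article. It is not code from any of the plugins named above; the hook names (example_save_settings), option names and sanitizers are hypothetical. The first handler has the defect class the article describes, the second shows the checks a handler that writes options should perform.

```php
<?php
/*
 * Illustrative plugin fragment (added example, not code from any of the
 * plugins named in the article). Hook and option names are hypothetical.
 *
 * "Unauthenticated Arbitrary Options Update": an AJAX handler that writes
 * attacker-chosen keys into wp_options without verifying who is calling or
 * which options they are allowed to change.
 */

// --- VULNERABLE PATTERN ------------------------------------------------
// wp_ajax_nopriv_* fires for visitors who are not logged in, so anyone can
// reach this handler by POSTing to /wp-admin/admin-ajax.php with
// action=example_save_settings. There is no nonce check, no capability
// check, and the option name itself comes from the request, so the caller
// can set any row in wp_options (core settings included).
add_action( 'wp_ajax_nopriv_example_save_settings', 'example_save_settings_vulnerable' );
add_action( 'wp_ajax_example_save_settings', 'example_save_settings_vulnerable' );

function example_save_settings_vulnerable() {
    $name  = isset( $_POST['option'] ) ? $_POST['option'] : '';
    $value = isset( $_POST['value'] )  ? $_POST['value']  : '';
    update_option( $name, $value );   // arbitrary key, arbitrary value
    wp_send_json_success();
}

// --- HARDENED PATTERN --------------------------------------------------
// No nopriv variant, so only logged-in users reach the hook; the request
// must carry a valid nonce; the user must hold manage_options; and only an
// explicit allowlist of this plugin's own options can be written.
add_action( 'wp_ajax_example_save_settings_safe', 'example_save_settings_hardened' );

function example_save_settings_hardened() {
    // Stops the request (wp_die) when the nonce is missing or stale.
    check_ajax_referer( 'example_save_settings', 'nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    $name    = isset( $_POST['option'] ) ? sanitize_key( wp_unslash( $_POST['option'] ) ) : '';
    $allowed = example_allowed_options();
    if ( ! isset( $allowed[ $name ] ) ) {
        wp_send_json_error( 'option not managed by this plugin', 400 );
    }

    $raw   = isset( $_POST['value'] ) ? wp_unslash( $_POST['value'] ) : '';
    $value = call_user_func( $allowed[ $name ], $raw );  // per-option sanitizer
    update_option( $name, $value );
    wp_send_json_success();
}

// Allowlist: the only option names this handler may touch, each mapped to
// the sanitizer for its type. Core options such as users_can_register,
// default_role, siteurl or admin_email are deliberately absent.
function example_allowed_options() {
    return array(
        'example_share_buttons' => 'rest_sanitize_boolean',
        'example_api_key'       => 'sanitize_text_field',
    );
}
```

The allowlist is the check that matters most for this bug class: a nonce alone only proves the request came from a page the site served, and a capability check alone still lets an administrator-level request set any option. Restricting the writable keys to the plugin's own settings keeps a flaw in the handler from becoming a write to core settings.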

Wordfence noticed the sudden spike after December 8, 2021; from then on, thousands of attacks arrived from a large number of different IPs.

Patches Released Already

Wordfence confirmed that all four plugins have already patched the flaws. The most recent patch, for PublishPress Capabilities, arrived just days before attackers began exploiting the bug.

Despite the patches being available (for three of the four plugins, well before the campaign began), the scale of the attacks shows how many site owners neglect to keep their plugins and themes updated.

Users of these four plugins should make sure their sites are running the patched versions listed in Wordfence's post, or later. Updating closes the hole but does not undo a compromise that already happened, so a site that ran a vulnerable version during the campaign should also be checked for unexpected administrator accounts and changed settings.

Similarly, the affected Epsilon Framework themes have also been patched; the full list is available in Wordfence's post.
