A massive wave of cyberattacks against more than 1.6 million WordPress sites was identified on December 9th by researchers at Wordfence Security, a well-known WordPress security firm.
According to the firm’s Threat Intelligence Team, the attacks make it possible for hackers to take over vulnerable sites by exploiting weaknesses in four different WordPress plugins and several WordPress themes. After the initial discovery, researchers witnessed a staggering 13.7 million attack attempts over a 36-hour period.
How Can I Protect My WordPress Site?
In light of active exploitation, if you are running any of the affected plugins or themes, you should immediately update to the patched version of each product. Developers of the affected plugins and themes have already released patched versions of all their vulnerable products. The one exception is the NatureMag Lite theme. If your website is running this theme, it’s recommended you completely uninstall it until the problem is resolved.
List of Vulnerable Plug-ins & Themes
Affected plugins:
- PublishPress Capabilities – version 2.3
- Kiwi Social Plugin – version 2.0.10
- Pinterest Automatic – version 4.14.3
- WordPress Automatic – version 3.53.2
Affected themes are all a part of the Epsilon Framework. Below is a list of the affected Epsilon Framework themes:
- Shapely – version 1.2.7
- NewsMag – version 2.4.1
- Activello – version 1.4.0
- Illdy – version 2.1.4
- Allegiant – version 1.2.5
- Newspaper X – version 1.3.1
- Pixova Lite – version 2.0.5
- Brilliance – version 1.2.9
- MedZone Lite – version 1.2.4
- Regina Lite – version 2.0.4
- Transcend – version 1.1.8
- Affluent – version 1.1.0
- Bonkers – version 1.0.5
- Antreas – version 1.0.4
- NatureMag Lite – No patch released yet.
If you are using any of these plugins or themes, please ensure that your website is running a version higher than the one listed for it above.
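One way to run that check across a whole install, as an added example (not code from Wordfence or from this page): the script below reads the standard WordPress `Plugin Name` / `Theme Name` / `Version` header fields under `wp-content` and compares them with the versions listed above. It assumes the header name matches the product name as written in the lists, which may not hold for every product; the function names are illustrative.

```python
import re
from pathlib import Path

# Highest affected version per product, from this page's lists; None = no patch yet.
AFFECTED = {
    "PublishPress Capabilities": "2.3", "Kiwi Social Plugin": "2.0.10",
    "Pinterest Automatic": "4.14.3", "WordPress Automatic": "3.53.2", "Shapely": "1.2.7",
    "NewsMag": "2.4.1", "Activello": "1.4.0", "Illdy": "2.1.4", "Allegiant": "1.2.5",
    "Newspaper X": "1.3.1", "Pixova Lite": "2.0.5", "Brilliance": "1.2.9",
    "MedZone Lite": "1.2.4", "Regina Lite": "2.0.4", "Transcend": "1.1.8",
    "Affluent": "1.1.0", "Bonkers": "1.0.5", "Antreas": "1.0.4", "NatureMag Lite": None,
}
BY_NAME = {k.lower(): v for k, v in AFFECTED.items()}
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Theme Name|Version):[ \t]*(\S.*?)[ \t\r]*$", re.I | re.M)

def vkey(version):
    """Numeric sort key; trailing zeros are dropped so 2.3 equals 2.3.0."""
    parts = [int(n) for n in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def read_header(text):
    """Return (name, version) from a plugin PHP file or theme style.css header."""
    fields = {}
    for key, value in HEADER.findall(text[:8192]):
        fields.setdefault(key.lower().split()[-1], value)
    return fields.get("name"), fields.get("version")

def assess(name, version):
    """'unpatched', 'update' or 'ok'; None when the product is not on the list."""
    key = (name or "").strip().lower()
    if key not in BY_NAME:
        return None
    if BY_NAME[key] is None:
        return "unpatched"  # the page's advice: uninstall until a fix ships
    if not version or vkey(version) <= vkey(BY_NAME[key]):
        return "update"  # an unreadable version is treated as affected
    return "ok"

def scan(wp_content):
    """Yield (path, name, version, verdict) for listed products under wp-content."""
    root = Path(wp_content)
    for path in sorted([*root.glob("plugins/*/*.php"), *root.glob("themes/*/style.css")]):
        name, version = read_header(path.read_text(errors="replace"))
        if assess(name, version):
            yield str(path), name, version, assess(name, version)

if __name__ == "__main__":
    import sys
    for row in scan(sys.argv[1] if len(sys.argv) > 1 else "wp-content"):
        print(*row, sep="\t")
```

Pass the path to the site's `wp-content` directory as the first argument; rows marked `update` or `unpatched` need action.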