Security News > 2020 > November > Hackers are actively probing millions of WordPress sites
Unknown threat actors are scanning for WordPress websites with Epsilon Framework themes installed on over 150,000 sites and vulnerable to Function Injection attacks that could lead to full site takeovers.
"So far today, we have seen a surge of more than 7.5 million attacks against more than 1.5 million sites targeting these vulnerabilities, coming from over 18,000 IP addresses," Wordfence QA engineer and threat analyst Ram Gall said.
The ongoing large-scale wave of attacks against potentially vulnerable WordPress websites is targeting recently patched vulnerabilities.
In May, another massive attack campaign targeted roughly 900,000 WordPress sites within a single week trying to plant backdoors or redirect visitors to malvertising sites.
One month later, another series of attacks attempted to harvest database credentials from approximately 1.3 million WordPress sites by downloading configuration files.