Widespread Scans Underway for RCE Bugs in WordPress Websites
Security News, November 2020
Millions of malicious scans are rolling across the internet, looking for known vulnerabilities in the Epsilon Framework for building WordPress themes, according to researchers.
"The security flaws on WordPress websites in themes using the Epsilon Framework are just another example of this content management system's inherent security risks," said Ameet Naik, security evangelist at PerimeterX, via email.
Thankfully, an RCE chain has yet to materialize, but that doesn't mean those attacks aren't coming.
"WordPress powers as much as a third of all websites on the internet, including some of the most highly trafficked sites and a large percentage of e-commerce sites, so WordPress security should be of top concern to organizations," said Jayant Shukla, CTO and co-founder of K2 Cyber Security, via email.
"This latest attack, on a recently patched injection vulnerability on WordPress sites using Epsilon Framework themes, is looking for sites that have neglected to install the latest updates. As we know from past research, as many as 60 percent of successful attacks are on vulnerabilities that already have a patch to prevent its exploit. Organizations need to take the security of their WordPress sites more seriously, starting with keeping the plugins and software up-to-date and patched."
News URL
https://threatpost.com/widespread-scans-rce-bugs-wordpress-websites/161374/