Sprawling Active Attack Aims to Take Over 1.6M WordPress Sites
2021-12-10 16:19

An active attack against more than 1.6 million WordPress sites is underway, with researchers spotting tens of millions of attempts to exploit four different plugins and several Epsilon Framework themes.

In November 2020, Wordfence observed an operation that targeted this list with "probing attacks," meant to test whether sites were unpatched and vulnerable.

This time, the attackers are attempting to again update arbitrary options in order to take over a site by creating an administrator account, researchers said.

"We strongly recommend ensuring that any sites running one of these plugins or themes has been updated to the patched version. Simply updating the plugins and themes will ensure that your site stays safe from compromise against any exploits targeting these vulnerabilities."

"If the site is running a vulnerable version of any of the four plugins or various themes, and there is a rogue user account present, then the site was likely compromised via one of these plugins," they explained.

In October, researchers discovered a high-severity vulnerability in the Hashthemes Demo Importer plugin that allows subscribers to wipe sites clean of content.


News URL

https://threatpost.com/active-attack-takeover-wordpress/176933/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 93 44 18 157