Cybersecurity researchers have uncovered vulnerabilities in millions of WordPress sites that use the Epsilon Framework, leaving them at risk and exploited by attackers.
According to a TechRadar report, the vulnerabilities came after the company made updates to solve a number of security issues, but this caused millions of websites to be compromised after they were exposed to millions of attacks.
The attacks were discovered by the team behind the WordPress firewall plugin, which did not share many details about the hacking operations.
“On November 17, our Threat Control team observed a broad wave of attacks exploiting recently reported vulnerabilities in Epsilon Framework templates installed on nearly 150,000 sites,” Wordfence said in a statement.
Gall also explained that the attacks increased in severity, with more than 7.5 million attacks targeting these vulnerabilities on 1.5 million sites, coming from 18,000 different IP addresses. The following versions of Epsilon Framework templates are still under threat:
- Shapely <=1.2.7
- NewsMag <=2.4.1
- Activello <=1.4.0
- Illdy <=2.1.4
- Allegiant <=1.2.2
- Newspaper X <=1.3.1
- Pixova Lite <=2.0.5
- Brilliance <=1.2.7
- MedZone Lite <=1.2.4
- Regina Lite <=2.0.4
- Transcend <=1.1.8
- Prosperous <1.1.0
- Bonkers <=1.0.4
- Antreas <=1.0.2
- NatureMag Lite <=1.0.5
According to the report, the majority of the attacks against these templates were aimed at verifying the existence of the vulnerabilities, which could allow the targeted sites to be completely taken over.
If a website is running one of the at-risk template versions, it is essential to update to a version that has a workaround. If one is not available, it is better to temporarily switch to another option or rely on WordPress firewall plugins.
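To check an installation against the list above, the following added example (not code from the report or from Wordfence) reads the `Theme Name` and `Version` headers from each theme's `style.css` and flags any that fall inside a listed range. It assumes the installed themes carry the same names as the list; the sample install in `demo()` is constructed.

```python
import re
import tempfile
from pathlib import Path

# Ranges copied from the article's list; matching on the style.css "Theme Name" is an assumption.
AFFECTED = {
    "shapely": ("<=", "1.2.7"), "newsmag": ("<=", "2.4.1"), "activello": ("<=", "1.4.0"),
    "illdy": ("<=", "2.1.4"), "allegiant": ("<=", "1.2.2"), "newspaper x": ("<=", "1.3.1"),
    "pixova lite": ("<=", "2.0.5"), "brilliance": ("<=", "1.2.7"), "medzone lite": ("<=", "1.2.4"),
    "regina lite": ("<=", "2.0.4"), "transcend": ("<=", "1.1.8"), "prosperous": ("<", "1.1.0"),
    "bonkers": ("<=", "1.0.4"), "antreas": ("<=", "1.0.2"), "naturemag lite": ("<=", "1.0.5"),
}
HEADER = re.compile(r"^[ \t/*#@]*(Theme Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def vtuple(version, width=4):
    """'1.2.7' -> (1, 2, 7, 0); text after the leading dotted number is dropped."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    parts = [int(n) for n in m.group().split(".")] if m else []
    return tuple(parts + [0] * (width - len(parts)))

def is_affected(name, version):
    op, limit = AFFECTED.get(name.strip().lower(), ("", ""))
    if not op:
        return False
    v, lim = vtuple(version), vtuple(limit)
    return v < lim if op == "<" else v <= lim

def scan_themes(themes_dir):
    """Return sorted (theme name, version) pairs that fall in an affected range."""
    hits = []
    for css in Path(themes_dir).glob("*/style.css"):
        head = css.read_text(errors="replace")[:8192]  # headers sit at the top of the file
        fields = {k.lower(): v for k, v in reversed(HEADER.findall(head))}  # first match wins
        name, version = fields.get("theme name"), fields.get("version")
        if name and version and is_affected(name, version):
            hits.append((name, version))
    return sorted(hits)

def demo():
    """Constructed sample install: two themes inside a listed range, two outside."""
    sample = {"Shapely": "1.2.7", "Illdy": "2.1.5", "Prosperous": "1.0.9", "Twenty Twenty": "1.5"}
    with tempfile.TemporaryDirectory() as root:
        for name, ver in sample.items():
            css = Path(root, name.lower().replace(" ", "-"), "style.css")
            css.parent.mkdir()
            css.write_text(f"/*\nTheme Name: {name}\nVersion: {ver}\n*/\n")
        return scan_themes(root)

if __name__ == "__main__":
    print(demo())
```

On a real site, call `scan_themes()` with the path to the `wp-content/themes` directory; child themes use their own names and are not matched by this check.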