Overview
Epsilon Framework WordPress themes are attacked in large-scale as reported by Wordfence. Vulnerable themes should be updated immediately, since through code injection attacks, vulnerable themes could lead to full site takeovers by attackers.
Description
Wordfence announces that more than 1.5 million sites have been targeted with about 7.5 million attacks, in search for existing vulnerabilities on these web sites. It is estimated that currently more than 150.000 sites are using Epsilon Framework based WordPress and the attackers are trying to enumerate those sites.
According to the Wordfence researchers, the attacks mostly appear to be probing whether a site has a vulnerable theme installed or not, rather than actively exploiting them. If exploited, attackers could gain full site takeovers through remote code execution on the vulnerable sites.
The following versions of the themes are listed as vulnerable and should be updated immediately.
- Activello <= 1.4.0
- Affluent <= 1.1.0
- Allegiant <= 1.2.2
- Antreas <= 1.0.2
- Bonkers <= 1.0.4
- Brilliance <= 1.2.7
- Illdy <= 2.1.4
- MedZone Lite >= 1.2.4
- NatureMag Lite <= 1.0.5
- NewsMag <= 2.4.1
- Newspaper X <= 1.3.1
- Pixova Lite <= 2.0.5
- Regina Lite <= 2.0.4
- Shapely <= 1.2.7
- Transcend <= 1.1.8
Impact
An unauthenticated remote attacker can execute arbitrary code in the targeted systems, allowing the threat actor to gain full takeover of the targeted site.
Impact Summary
Category: Remote Code Execution
CVSS 3.1 Base Score: N/A
CVSS 3.1 Vector: N/A
Solution (Update)
To defend against possible attacks due to this vulnerability, vulnerable WordPress themes should either be updated or replaced with other invulnerable themes.
Also, as a rule of thumb, the attack surface should be decreased by identifying a minimal set of essential and critical plugins to be installed in WordPress. The selected plugins should come from trustworthy sources and and the most trusted version should be installed in your system. Don’t forget that each theme and plugin come with their own vulnerabilities to be exploited by the hackers. Read more on how to secure WordPress sites.
References to Advisories, Solutions and Tools
To learn more about how to protect your WordPress site, you can also read How to Secure Your WordPress Site?