WordPress sites are under active attack from more than 16,000 IP addresses
Published: 19:52:53 15/12/2021
WordPress once again in the crosshairs
1.6 million WordPress sites are under active attack from more than 16,000 IP addresses in a
protracted attempt to exploit multiple known weaknesses in 4 plugins and 15 themes of the
Epsilon Framework. Wordfence, the company that specializes in offering add-on WordPress
security, said last Thursday that it had detected and blocked more than 13.7 million attacks
aimed at the 4 plugins and 15 themes over a period of just a day and a half, and that the
attacks had the goal of taking over the websites and carrying out malicious actions.
The four plugins in question are:
● Kiwi Social Share (<=2.0.10)
● WordPress Automatic (<=3.53.2)
● Pinterest Automatic (<=4.14.3)
● PublishPress Capabilities (<=2.3)
The 15 vulnerable Epsilon Framework themes are:
● Activello (<=1.4.1)
● Affluent (<1.1.0)
● Allegiant (<=1.2.5)
● Antreas (<=1.0.6)
● Bonkers (<=1.0.5)
● Brilliance (<=1.2.9)
● Illdy (<=2.1.6)
● MedZone Lite (<=1.2.5)
● NatureMag Lite (no known patch available)
● NewsMag (<=2.4.1)
● Newspaper X (<=1.3.1)
● Pixova Lite (<=2.0.6)
● Regina Lite (<=2.0.5)
● Shapely (<=1.2.8)
● Transcend (<=1.1.9)
Given that unspoofable TCP connections are required to carry out these attacks, it's clear that a
botnet of 16,000+ elements has been engaged for this purpose.
The attacks observed by Wordfence involve the adversary updating the "users_can_register"
option to allow anyone to register and setting the "default_role" to administrator. These two
changes allow any successful adversary to register on the vulnerable site and automatically be
assigned administrative privileges, after which they’re in control.
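The version lists and the two option changes described above can be checked together in a quick audit. The following Python is an added example, not code from Wordfence or from this site: the function names and the sample inventory are constructed, plugins and themes are matched by the display names used in this article, and versions are assumed to be purely numeric dotted strings.

```python
import operator

# Names and version bounds copied from the lists in this article.
# None means the article lists no known patch, so every version is affected.
AFFECTED = {
    "Kiwi Social Share": ("<=", "2.0.10"), "WordPress Automatic": ("<=", "3.53.2"),
    "Pinterest Automatic": ("<=", "4.14.3"), "PublishPress Capabilities": ("<=", "2.3"),
    "Activello": ("<=", "1.4.1"), "Affluent": ("<", "1.1.0"),
    "Allegiant": ("<=", "1.2.5"), "Antreas": ("<=", "1.0.6"),
    "Bonkers": ("<=", "1.0.5"), "Brilliance": ("<=", "1.2.9"),
    "Illdy": ("<=", "2.1.6"), "MedZone Lite": ("<=", "1.2.5"),
    "NatureMag Lite": None, "NewsMag": ("<=", "2.4.1"),
    "Newspaper X": ("<=", "1.3.1"), "Pixova Lite": ("<=", "2.0.6"),
    "Regina Lite": ("<=", "2.0.5"), "Shapely": ("<=", "1.2.8"),
    "Transcend": ("<=", "1.1.9"),
}
OPS = {"<=": operator.le, "<": operator.lt}

def ver(s, width=4):
    """'2.3' -> (2, 3, 0, 0): numeric compare, padded so 2.3.1 > 2.3 and 2.0.10 > 2.0.9."""
    parts = [int(p) for p in s.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def audit(installed, options):
    """installed: {name: version}; options: values read from the site's options table."""
    findings = []
    for name, version in installed.items():
        if name not in AFFECTED:
            continue
        rule = AFFECTED[name]
        if rule is None:
            findings.append(f"{name} {version}: no known patch available")
        elif OPS[rule[0]](ver(version), ver(rule[1])):
            findings.append(f"{name} {version}: affected ({rule[0]}{rule[1]})")
    # The two option changes the article says the attackers make.
    if str(options.get("users_can_register")) == "1":
        findings.append("users_can_register is enabled: confirm this is intended")
    if options.get("default_role") == "administrator":
        findings.append("default_role is administrator: new accounts get full control")
    return findings

# Constructed sample inventory and option values, not taken from a real site.
SAMPLE_INSTALLED = {"Kiwi Social Share": "2.0.10", "Affluent": "1.1.0",
                    "PublishPress Capabilities": "2.3.1", "NatureMag Lite": "1.0.0"}
SAMPLE_OPTIONS = {"users_can_register": "1", "default_role": "administrator"}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_INSTALLED, SAMPLE_OPTIONS)))
```

Open registration on its own can be legitimate on a membership site, so that finding asks for confirmation, while an administrator default role is flagged outright.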
What I want to know, is how it could possibly be that WordPress even offers the option —
anywhere — for "default role" to be set to "administrator" ?!?! — how is that possibly useful?
Module Web Design would highly recommend updating all your plugins, themes and WordPress core, and removing any unused plugins and themes from your website.
Module Web Design will be happy to help you with updates and maintenance.