Hackers Probing 1.5 Million WordPress Sites With Epsilon Framework Themes

Researchers have found threat actors probing WordPress websites for themes built on the Epsilon Framework. These themes are installed on over 150,000 sites and are vulnerable to Function Injection attacks that could lead to full site takeover. Just yesterday, the researchers saw a surge of more than 7.5 million attacks targeting these vulnerabilities, aimed at more than 1.5 million sites and coming from over 18,000 IP addresses.

1 Expert Comment
Ameet Naik, Security Evangelist
InfoSec Expert
November 19, 2020 11:36 am

The security flaws on WordPress websites in themes using the Epsilon Framework are just another example of this contact management system’s inherent security risks. Shadow Code introduced via third-party plugins and frameworks vastly expands the attack surface for websites. Website owners need to be vigilant about third-party plugins and frameworks and stay on top of security updates. Consumers must continue to be vigilant while shopping online, use multi-factor authentication where allowed and continue to monitor their credit reports for signs of identity theft.

Information Security Buzz