Hackers Probing 1.5 Million WordPress Sites With Epsilon Framework Themes

By   ISBuzz Team
Writer , Information Security Buzz | Nov 19, 2020 03:34 am PST

Researchers have found threat actors probing WordPress websites with Epsilon Framework themes installed on over 150,000 sites which are vulnerable to Function Injection attacks that could lead to full site takeovers. Just yesterday, they saw a surge of more than 7.5 million attacks against more than 1.5 million sites targeting these vulnerabilities, coming from over 18,000 IP addresses. 

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Ameet Naik
Ameet Naik , Security Evangelist
November 19, 2020 11:36 am

The security flaws on WordPress websites in themes using the Epsilon Framework are just another example of this contact management system’s inherent security risks. Shadow Code introduced via third-party plugins and frameworks vastly expands the attack surface for websites. Website owners need to be vigilant about third-party plugins and framework and stay on top of security updates. Consumers must continue to be vigilant while shopping online, use multi-factor authentication where allowed and continue to monitor their credit reports for signs of identity theft.

Last edited 3 years ago by Ameet Naik

Recent Posts

Would love your thoughts, please comment.x