1.6 million WordPress Sites Were Attacked

WordPress is a free and open-source content management system (CMS) developed in PHP and used in conjunction with a MySQL or MariaDB database.

WordPress started as a blog-publishing system but has now extended to include other types of web content such as more traditional mailing lists and forums, media galleries, membership sites, learning management systems (LMS), and online commerce.

What Happened?

Cybersecurity specialists at Wordfence observed a significant wave of attacks originating from 16,000 IP addresses and targeting over 1.6 million WordPress sites.

The threat actors are targeting four WordPress plugins and fifteen Epsilon Framework themes, one of which has no available fix.

As reported by BleepingComputer, the affected plugins are PublishPress Capabilities, Kiwi Social Plugin, Pinterest Automatic, and WordPress Automatic.

The targeted Epsilon Framework themes are Shapely, NewsMag, Activello, Illdy, Allegiant, Newspaper X, Pixova Lite, Brilliance, MedZone Lite, Regina Lite, Transcend, Affluent, Bonkers, Antreas, and NatureMag Lite.

Attackers are targeting 4 individual plugins with Unauthenticated Arbitrary Options Update Vulnerabilities. The four plugins consist of Kiwi Social Share, which has been patched since November 12, 2018, WordPress Automatic and Pinterest Automatic which have been patched since August 23, 2021, and PublishPress Capabilities which was recently

Read More: https://heimdalsecurity.com/blog/1-6-million-wordpress-sites-were-attacked/