WordPress Attacks
Overview
There’s been a huge surge of attacks against WordPress sites.
Four individual plugins are targeted, as well as a number of Epsilon Framework themes. Attackers are using the vulnerability to change configuration options on the sites, which then allows them to add new admin users.
Impact
Remote attackers are able to take over vulnerable WordPress installations.
Vulnerability Detection
Check for new user accounts.
Check the settings panel for membership options.
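Both checks can be scripted with WP-CLI, as in this added example (not part of the original advisory). It assumes the "membership options" are the `users_can_register` and `default_role` options behind Settings > General; `SINCE` is a hypothetical operator-chosen cutoff date.

```shell
#!/bin/sh
# Added example: WP-CLI audit for the two checks above.
# Run from the WordPress root; WP-CLI must be able to load the site.

# Report the registration settings. users_can_register and default_role
# back the "Membership" and "New User Default Role" fields (assumed to be
# the "membership options" the advisory refers to).
check_membership() {
    can_register=$(wp option get users_can_register)
    default_role=$(wp option get default_role)
    if [ "$default_role" != "subscriber" ] && [ "$can_register" = "1" ]; then
        echo "ALERT: open registration grants role '$default_role'"
    elif [ "$default_role" != "subscriber" ]; then
        echo "WARN: default role is '$default_role' (registration closed)"
    elif [ "$can_register" = "1" ]; then
        echo "NOTE: open registration, default role subscriber"
    else
        echo "OK: registration closed, default role subscriber"
    fi
}

# Print administrator accounts registered on or after $1 (YYYY-MM-DD).
# user_registered is "YYYY-MM-DD HH:MM:SS", so string order is time order.
# The CSV writer quotes fields containing spaces; strip the quotes first.
recent_admins() {
    wp user list --role=administrator \
        --fields=user_login,user_registered --format=csv |
    awk -F, -v since="$1" '
        { gsub(/"/, "") }
        NR > 1 && ($2 "") >= (since "") { print $1, $2 }'
}

# SINCE is an operator-chosen cutoff, e.g. the date of the last known-good
# review; with no cutoff every administrator account is listed.
if command -v wp >/dev/null 2>&1; then
    check_membership
    recent_admins "${SINCE:-0000-00-00}"
fi
```

Any administrator account the site owner cannot account for, or any default role other than subscriber, warrants a closer look.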
Affected Products
Targeted WordPress plugins:
- PublishPress Capabilities <= 2.3
- Kiwi Social Plugin <= 2.0.10
- Pinterest Automatic <= 4.14.3
- WordPress Automatic <= 3.53.2
Epsilon Framework themes:
- Shapely <= 1.2.8
- NewsMag <= 2.4.1
- Activello <= 1.4.1
- Illdy <= 2.1.6
- Allegiant <= 1.2.5
- Newspaper X <= 1.3.1
- Pixova Lite <= 2.0.6
- Brilliance <= 1.2.9
- MedZone Lite <= 1.2.5
- Regina Lite <= 2.0.5
- Transcend <= 1.1.9
- Affluent < 1.1.0
- Bonkers <= 1.0.5
- Antreas <= 1.0.6
- NatureMag Lite – No patch
Containment, Mitigations & Remediations
Update the plugin where possible.
For the unpatched theme, removal is recommended.
Indicators of Compromise
Threat Landscape
WordPress plugins are a popular target for criminals, as compromised sites can easily be repurposed as phishing sites.
MITRE Methodologies
T1190 – Exploit Public-Facing Application
Further Information
1.6 Million WordPress Sites Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs