Attackers have targeted security vulnerabilities on four plugins and Epsilon themes, in order to assign administrative accounts.
An active attack against more than 1.6 million WordPress sites continues, researchers saw tens of millions of attempts to use four different plugins and a few Epsilon Framework themes.
The goal is the full acquisition of a site using copyright. The function comes from more than 16,000 different IP addresses, according to Wordfence analysis. There were 13.7 million attacks in the first 36 hours.
Researchers say the attackers intend to exploit the “risk of updating unauthorized options” in the following plugins: Kiwi Social Share and WordPress Automatic, Pinterest Automatic and PublishPress Skills.
Read More: Threatpost
For more such updates follow us on Google News ITsecuritywire News