1.6 Million WordPress Sites Targeted by Massive Attacks.

Cyber security has always been a concern for the IT industry. Recently, an active attack against more than 1.6 million WordPress sites has been suspected to be underway. Researchers have spotted tens of millions of attempts for exploiting four plugins and fifteen Epsilon Themes.

With What Impact has the Attackers have targeted the Plugins?

The scope of the attack is notable as it is coming from 16000 different types of IP addresses and they aim to assign themselves the administration rights. According to word fence analysis, there were 13.7 million attacks noted in the first 36 hours.

Are you concerned about how threatened word press plugins are putting your website at risk? Then you must know which plugins have become the target of this attack. Almost, 55.9% of attacks on WordPress is due to vulnerable plugins.

So should you stop using plugins? Of course Not! without plugins, there will be no features and functionality to your site.

Problematic Plugins

Attackers target plugins WordPress Automatic (Version 3.53.2 or lower), Kiwi Social Share (Version 2.0.10 or lower), Publish Press Capabilities (version 2.3 or lower), Pinterest Automatic (Version 4.14.3 or lower), some of these plugins were recently patched on December 6.

Epic Epsilon

Reports say that the attackers are trying to target function-injection vulnerability in numerous Epsilon Framework themes, these features use to support remote code execution. Do you know that it is the Epsilon theme that any site builder uses to make your website look appealing? But, you need to check from the list below if any of the themes are applied on your website. If it is, you need to take immediate action.

The attacked themes are:

Activello <=1.4.0







MedZone Lite<=1.2.4

Nature Mag Lite-No Patch, So users shall uninstall it immediately

News Mag <=2.4.1

News Paper X<=1.3.1

Pixova Lite <=2.0.5

Regina Lite <=2.0.4

Shapely <=1.2.7

Transcend <=1.1.8

The above-listed themes are reported to have anchored a similar attack in Nov 2020 as reported by Word Fence. This time the attackers are aiming to take over the administrative rights over the website.

Time to Patch

Word Fence has released the statement that the massive campaign and the vulnerabilities targeting these sites, it has become important to update the security of these sites. It is recommended that if your website has been using any of the above-listed plugins, you need to update your website to the patched version.

At DIVSYNC, we understand the difficulties you may face if you are running multiple WordPress Sites. You can trust the dedicated WordPress Developers at DIVSYNC to keep your site out of any threat.
Look no further and talk to the Word Press Developer Directly.



Join the Conversation

Ready to Get Started?

Have an exciting project in mind? Or maybe would like to improve your current setup? We'd be happy to discuss it with you. Let's get in touch!


Our Global Presence

Portugal Portugal

Lisbon - Portugal Avenida da República, 56 - 1º dto1050-196 Lisboa

+3 (51963) 45 10 07

Russia USA

78-40 164th Street 4V Fresh Meadows Queens NY 11366

+1 929-407-8013

mars Mars