According to researchers, millions of malicious scans are rolling across the internet. Seeking known vulnerabilities in the Epsilon Framework for building WordPress themes.
More than 7.5 million probes targeting these vulnerabilities have been noted. Against more than 1.5 million WordPress sites, just since Tuesday. According to the Wordfence Threat Intelligence team.
Epsilon serves as the foundation for multiple WordPress themes from third parties. To allow remote code execution (RCE) and site takeovers, several recently patched security bugs in the framework could be chained together, researchers said.
Through code reuse, multiple themes have vulnerable versions in circulation, including Shapely, NewsMag, Activello