Analysts at Wordfence recently recorded a huge wave of attacks on 1.6 million WordPress sites. Attacks originate from 16,000 IP addresses.

Attackers are attacking four WordPress plugins and 15 Epsilon Framework themes, and for one of them a security patch has not yet been released.

Patches for some of the plugins under attack were released back in 2018, while others were released recently. Affected plugins: PublishPress Capabilities, Kiwi Social Plugin, Pinterest Automatic, and WordPress Automatic.

The impacted Epsilon Framework themes: Shapely, NewsMag, Activello, Illdy, Allegiant, Newspaper X, Pixova Lite, Brilliance, MedZone Lite, Regina Lite, Transcend, Affluent, Bonkers, Antreas, and NatureMag Lite (no known patch available).

Experts recommend users to update plugins and themes as soon as possible. And if you are using a NatureMag Lite theme that does not have a fix, it is recommended to uninstall it.

Source: securitylab.ru