On December 9, 2021, the Threat Intelligence team saw a significant increase in attacks targeting vulnerabilities that allow attackers to alter arbitrary parameters on susceptible sites, according to a Wordfence blog article. This prompted an inquiry, which resulted in the discovery of a live attack aimed at over a million WordPress sites. Over the past 36 hours, the Wordfence network has blocked over 13.7 million attacks across over 1.6 million sites, coming from over 16,000 distinct IP addresses, targeting four different plugins and various Epsilon Framework themes.
Most of the time, threat actors enable the users_can_register option and set the default_role option to administrator, according to experts. The attackers can then register as an administrator on any affected website and take control of it. The presence of a vulnerable version of any of the following plugins or themes, as well as the presence of a rogue user account, are both indicators of compromise.
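A site owner can check for both conditions described above from an export of the WordPress database. The following is an added example, not code from Wordfence or the original article: it flags the two option values and lists administrator accounts created since a chosen date. The rows, the "wp_" table prefix, the account names and the 2021-12-08 cutoff are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample rows, shaped like exports of wp_options, wp_users and
# wp_usermeta (the "wp_" prefix is an assumption; sites may use another).
OPTIONS = {"users_can_register": "1", "default_role": "administrator"}
USERS = [
    {"ID": 1, "user_login": "siteowner", "user_registered": "2019-03-02 10:15:00"},
    {"ID": 7, "user_login": "editor_amy", "user_registered": "2021-12-09 08:00:00"},
    {"ID": 9, "user_login": "wpsvc_x1", "user_registered": "2021-12-09 14:41:07"},
]
USERMETA = [
    {"user_id": 1, "meta_key": "wp_capabilities", "meta_value": 'a:1:{s:13:"administrator";b:1;}'},
    {"user_id": 7, "meta_key": "wp_capabilities", "meta_value": 'a:1:{s:6:"editor";b:1;}'},
    {"user_id": 9, "meta_key": "wp_capabilities", "meta_value": 'a:1:{s:13:"administrator";b:1;}'},
]

# Roles are stored as a PHP-serialized array in the *capabilities meta row.
ADMIN_RE = re.compile(r's:13:"administrator";b:1;')

def risky_options(options):
    """Return the settings that let any visitor self-register as administrator."""
    findings = []
    if str(options.get("users_can_register", "0")) == "1":
        findings.append("users_can_register is enabled")
    if options.get("default_role") == "administrator":
        findings.append("default_role is administrator")
    return findings

def admins_registered_since(users, usermeta, since):
    """Return logins of administrator accounts created on or after `since`."""
    admin_ids = {m["user_id"] for m in usermeta
                 if m["meta_key"].endswith("capabilities")
                 and ADMIN_RE.search(m["meta_value"])}
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    return [u["user_login"] for u in users
            if u["ID"] in admin_ids
            and datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S") >= cutoff]

if __name__ == "__main__":
    for finding in risky_options(OPTIONS):
        print("OPTION:", finding)
    # Cutoff date is an assumption chosen to precede the reported attack wave.
    for login in admins_registered_since(USERS, USERMETA, "2021-12-08"):
        print("REVIEW ADMIN:", login)
```

An account listed here is a candidate for review, not proof of compromise; a site that was altered should also have both options restored to the values its owner intends (WordPress defaults are registration disabled and a default role of subscriber).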