More than 1.6 million WordPress sites have been targeted by 13.7 million attacks exploiting security flaws in four different plugins and numerous Epsilon Framework themes over a 36-hour period, according to Threatpost.
Wordfence researchers reported that threat actors have been abusing already addressed "unauthenticated arbitrary options update vulnerabilities" in the Kiwi Social Share, Pinterest Automatic, WordPress Automatic, and PublishPress Capabilities plugins, according to researchers. Moreover, a function-injection flaw in 15 Epsilon Framework themes, installed in over 150,000 sites, is also being exploited.
Organizations using the impacted plugins or themes have been urged to immediately apply updates to ensure protection. Researchers noted that system admins could determine potential compromise by checking whether any user accounts are unauthorized.
"If the site is running a vulnerable version of any of the four plugins or various themes, and there is a rogue user account present, then the site was likely compromised via one of these plugins. Please remove any detected user accounts immediately," added researchers.
Change Healthcare attack linked to state-backed threat actors Major U.S. healthcare revenue and payment cycle management provider Change Healthcare was noted by its parent firm UnitedHealth Group to have been targeted by suspected state-sponsored threat actors in a cyberattack on Feb. 20, TechCrunch reports.