Unknown threat actors are scanning for WordPress websites with Epsilon Framework themes installed on over 150,000 sites and vulnerable to Function Injection attacks that could lead to full site takeovers. Wordfence has seen a surge of more than 7.5 million attacks against more than 1.5m sites targeting these vulnerabilities, coming from over 18,000 IP addresses. The attacks use POST requests to admin-ajax.php and as such do not leave distinct log entries, though they will be visible in WordFence Live Traffic. Owners and admins of websites running vulnerable versions of these themes should update to a patched version if available.
Source: https://www.bleepingcomputer.com/news/security/hackers-are-actively-probing-millions-of-wordpress-sites/