Millions of malicious scans are rolling across the internet, looking for known vulnerabilities in the Epsilon Framework for building WordPress themes. Multiple recently patched security bugs in the framework could be chained together to allow remote code-execution (RCE) and site takeovers. Multiple themes have vulnerable versions in circulation, including Shapely, NewsMag, Activello and 12 others. Wordfence: More than 7.5 million probes targeting these vulnerabilities have been observed, against more than 1.5m WordPress sites, just since Tuesday.
Source: https://threatpost.com/widespread-scans-rce-bugs-wordpress-websites/161374/