Hackers target Tatsu WordPress plugin in millions of attacks
Hackers are massively exploiting a remote code execution vulnerability, CVE-2021-25094, in the Tatsu Builder plugin for WordPress, which is installed on about 100,000 websites.
Tatsu Builder is a popular plugin that offers powerful template editing features integrated right into the web browser.
The targeted vulnerability, CVE-2021-25094, allows a remote attacker to execute arbitrary code on servers running an outdated version of the plugin.
Wordfence, a company offering a security solution for WordPress plugins, has been monitoring the current attacks.
Wordfence reports seeing millions of attacks against its customers, blocking a whopping 5.9 million attempts on May 14, 2022.
All users of the Tatsu Builder plugin are strongly recommended to upgrade to version 3.3.13 to avoid attack risks.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-25 | CVE-2021-25094 | Unspecified vulnerability in Brandexponents Tatsu. The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. | 8.1 |
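
A defender-side check for the two points above, the 3.3.13 upgrade target and files unpacked under the upload directory, written as an added example that is not from the article, Wordfence or the plugin. The extension list, the function names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

FIXED_VERSION = "3.3.13"  # upgrade target recommended in the article
# Assumed list of name components a PHP-enabled server may execute; adjust to your config.
EXEC_PARTS = {"php", "php5", "php7", "phtml", "phar", "pht"}

def parse_version(text):
    """Turn '3.3.12' into (3, 3, 12) so versions compare numerically, not as strings."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def needs_upgrade(installed, fixed=FIXED_VERSION):
    """True when the installed plugin version is older than the fixed one."""
    return parse_version(installed) < parse_version(fixed)

def find_executable_uploads(uploads_dir):
    """Return relative paths under uploads_dir whose names carry an executable extension.

    Every dotted component is checked, so 'a.php.jpg' and the hidden file
    '.x.php' are reported as well as plain 'a.php'.
    """
    hits = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            parts = name.lower().split(".")[1:]
            if EXEC_PARTS.intersection(parts):
                hits.append(os.path.relpath(os.path.join(root, name), uploads_dir))
    return sorted(hits)

def build_sample_tree(base):
    """Constructed sample data: a fake uploads directory with benign and suspicious files."""
    for rel in ("2022/05/logo.png", "fonts/custom/font.woff",
                "fonts/custom/.cache.php", "fonts/custom/readme.php.txt"):
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("placeholder")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_executable_uploads(build_sample_tree(tmp)))
    print(needs_upgrade("3.3.12"))
```

On a real site, pass the installed plugin version and the path of the WordPress upload directory; any hit is a file to inspect, since uploads normally hold media and fonts rather than server-side scripts.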