Experts Notice Sudden Surge in Exploitation of WordPress Page Builder Plugin Vulnerability
2022-07-18 15:12

Researchers from Wordfence have sounded the alarm about a "Sudden" spike in cyber attacks attempting to exploit an unpatched flaw in a WordPress plugin called Kaswara Modern WPBakery Page Builder Addons.

Tracked as CVE-2021-24284, the issue is rated 10.0 on the CVSS vulnerability scoring system and relates to an unauthenticated arbitrary file upload that could be abused to gain code execution, permitting attackers to seize control of affected WordPress sites.

Wordfence, which is protecting over 1,000 websites that have the plugin installed, said it has blocked an average of 443,868 attack attempts per day since the start of the month.

The attacks have emanated from 10,215 IP addresses, with a majority of the exploitation attempts narrowed down to 10 IP addresses.

These involve uploading a ZIP archive containing a malicious PHP file that allows the attacker to upload rogue files to the infected website.

Between 4,000 and 8,000 websites are said to have the plugin installed, making it imperative that users remove it from their WordPress sites to thwart potential attacks and find an appropriate alternative.
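The bug class behind this advisory (CWE-434, unrestricted upload) is usually closed by validating what an uploaded archive contains before any of it is written under the web root: no server-executable scripts, no handler-changing dotfiles, no path traversal, and bounded size. The check below is an added example written for this page, not code from the Kaswara plugin or from Wordfence; the allow-list of font-pack extensions, the size limits and the two sample archives are constructed assumptions for illustration.

```python
import io
import posixpath
import zipfile

# Assumed policy (constructed for this example, not the plugin's own rules):
# a font-icon pack should carry only static font/style assets.
ALLOWED_EXTENSIONS = {".svg", ".woff", ".woff2", ".ttf", ".eot", ".css", ".json"}
# Any of these appearing as a dotted segment (e.g. "icon.php.svg") is rejected,
# because some web-server handler mappings execute on inner extensions too.
EXECUTABLE_MARKERS = {"php", "phtml", "php3", "php4", "php5", "php7",
                      "phar", "inc", "cgi", "pl", "py", "sh"}
MAX_MEMBERS = 500
MAX_TOTAL_UNCOMPRESSED = 20 * 1024 * 1024  # 20 MiB, a constructed bound


def _member_violations(info: zipfile.ZipInfo) -> list[str]:
    """Return every policy violation for one archive member (empty list = clean)."""
    name = info.filename
    problems = []
    if name.startswith(("/", "\\")) or "\\" in name or ":" in name.split("/")[0]:
        problems.append(f"{name}: absolute or drive-qualified path")
    if ".." in name.split("/"):
        problems.append(f"{name}: path traversal component")
    if name.endswith("/"):
        return problems  # directory entry, nothing else to check
    base = posixpath.basename(name)
    if base.startswith(".ht"):
        # .htaccess / .htpasswd can remap handlers and turn "static" files executable
        problems.append(f"{name}: web-server dotfile not allowed")
    segments = base.lower().split(".")
    if len(segments) < 2 or "." + segments[-1] not in ALLOWED_EXTENSIONS:
        problems.append(f"{name}: extension not in allow-list")
    if any(seg in EXECUTABLE_MARKERS for seg in segments[1:]):
        problems.append(f"{name}: server-executable extension present")
    return problems


def inspect_font_zip(data: bytes) -> list[str]:
    """Inspect an uploaded archive without extracting it; empty list means accept."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid ZIP archive"]
    with archive:
        infos = archive.infolist()
        problems = []
        if len(infos) > MAX_MEMBERS:
            problems.append(f"too many members ({len(infos)} > {MAX_MEMBERS})")
        total = sum(i.file_size for i in infos)  # declared uncompressed sizes
        if total > MAX_TOTAL_UNCOMPRESSED:
            problems.append(f"uncompressed size {total} exceeds limit")
        for info in infos:
            problems.extend(_member_violations(info))
    return problems


def build_zip(members: dict[str, bytes]) -> bytes:
    """Helper to construct in-memory test archives."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample uploads: a legitimate icon pack and an archive of the
# shape the article describes (a PHP file smuggled inside a ZIP).
BENIGN_PACK = build_zip({
    "icons/style.css": b".icon { font-family: icons; }",
    "icons/fonts/icons.woff": b"\x00" * 64,
})
MALICIOUS_PACK = build_zip({
    "icons/style.css": b".icon { font-family: icons; }",
    "icons/shell.php": b"<?php /* constructed placeholder, not a payload */ ?>",
    "icons/icon.php.svg": b"<svg/>",
    "../wp-config.php": b"",
    "icons/.htaccess": b"AddType application/x-httpd-php .svg",
})

if __name__ == "__main__":
    print("benign   :", inspect_font_zip(BENIGN_PACK) or "accepted")
    print("malicious:", *inspect_font_zip(MALICIOUS_PACK), sep="\n  ")
```

The archive is only inspected, never extracted, so a rejected upload never touches disk; with this policy the malicious sample is refused on four independent grounds (executable extension, inner `.php` segment, traversal, and the `.htaccess` member), which is the defence-in-depth a single extension check would not give.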


News URL

https://thehackernews.com/2022/07/experts-notice-sudden-surge-in.html

Related Vulnerability

DATE: 2021-05-14
CVE: CVE-2021-24284
VULNERABILITY TITLE: Unrestricted Upload of File with Dangerous Type vulnerability in Kaswara Project Kaswara 3.0.1
DESCRIPTION: The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action.
ATTACK VECTOR: network
ATTACK COMPLEXITY: low
VENDOR: kaswara-project
CWE: CWE-434
RISK: critical (CVSS 9.8)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 49 36 409 104 29 578
Plugin 2 0 13 0 0 13