Headline

CVE-2021-24284

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the ‘uploadFontIcon’ AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.

3 years ago

CVE

Open in Source

#wordpress #php #auth

We take a look at a WordPress plugin, abandoned and open to JavaScript related exploitation. Uninstall it now! The post Warning for WordPress admins: uninstall the Modern WPBakery plugin immediately! appeared first on Malwarebytes Labs.

2 years ago

Malwarebytes

Open in Source

#vulnerability #web #java #wordpress #php #rce #auth #sap

WordPress Page Builder Plug-in Under Attack, Can't Be Patched

An ongoing campaign is actively targeting the vulnerability in the Kaswara Modern WPBakery Page Builder Addon, which is still installed on up to 8,000 sites, security analysts warn.

2 years ago

DARKReading

Open in Source

#vulnerability #web #git #java #wordpress #php

Experts Notice Sudden Surge in Exploitation of WordPress Page Builder Plugin Vulnerability

Researchers from Wordfence have sounded the alarm about a "sudden" spike in cyber attacks attempting to exploit an unpatched flaw in a WordPress plugin called Kaswara Modern WPBakery Page Builder Addons. Tracked as CVE-2021-24284, the issue is rated 10.0 on the CVSS vulnerability scoring system and relates to an unauthenticated arbitrary file upload that could be abused to gain code execution,

2 years ago

The Hacker News

Open in Source

#vulnerability #web #git #java #wordpress #php #auth #The Hacker News

WordPress Kaswara Modern WPBakery Page Builder 3.0.1 File Upload

WordPress Kaswara Modern WPBakery Page Builder plugin versions 3.0.1 and below suffer from an arbitrary file upload vulnerability.

2 years ago

Packet Storm

Open in Source

#xss #vulnerability #web #git #java #wordpress #php