WordPress Page Builder Plug-in Under Attack, Can't Be Patched
An ongoing campaign is actively targeting the vulnerability in the Kaswara Modern WPBakery Page Builder Addon, which is still installed on up to 8,000 sites, security analysts warn.
Although the plug-in is no longer available, the Kaswara Modern WPBakery Page Builder Addons is still running on as many as 8,000 WordPress sites, according to analysts who warn that the plug-in's unpatched file upload vulnerability is under active attack.
The WordPress bug, tracked under CVE-2021-24284, can be used to upload malicious PHP files to an affected website, according to the research team at Wordfence. The vulnerability could lead to code execution and complete site takeover, the researchers warn. The plug-in was closed without a patch and the Wordfence team says all versions are affected by the bug.
Wordfence raised the alarm that it has seen nearly a half-million daily attacks since the beginning of July. The campaign has used the NDSW Trojan to inject code into legitimate JavaScript files and redirect users to malicious domains.
The team stresses this is a “serious vulnerability that can lead to complete site takeover” and that the “developer has not been responsive regarding the patch” in their advisory on the WordPress plug-in. Since it is unlikely the plug-in will ever receive a patch for this critical vulnerability, “the best option is to fully remove the Kaswara Modern WPBakery Page Builder Addons plugin from your WordPress website,” the researchers advise.
Related news
Warning for WordPress admins: uninstall the Modern WPBakery plugin immediately! (Malwarebytes Labs): We take a look at a WordPress plugin, abandoned and open to JavaScript related exploitation. Uninstall it now!
Researchers from Wordfence have sounded the alarm about a "sudden" spike in cyber attacks attempting to exploit an unpatched flaw in a WordPress plugin called Kaswara Modern WPBakery Page Builder Addons. Tracked as CVE-2021-24284, the issue is rated 10.0 on the CVSS vulnerability scoring system and relates to an unauthenticated arbitrary file upload that could be abused to gain code execution,
WordPress Kaswara Modern WPBakery Page Builder plugin versions 3.0.1 and below suffer from an arbitrary file upload vulnerability.
The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zip file is unzipped into the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.
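The advisory above describes two things a site owner can act on: the font-icon upload directory that an attacker-supplied archive is unpacked into, and the missing file-type check that let PHP land there. The following is an added example, not code from Wordfence, WPScan or the plugin, that shows both sides from the defender's chair: a scan of the uploads tree for server-executable files, and the allow-listed extraction routine the plugin should have used. The directory name wp-content/uploads/kaswara/fonts_icon comes from the advisory; the extension lists, the sample archives and the function names are assumptions constructed for the demo.

```python
"""
Added example (not Wordfence's, WPScan's or the plugin's code).

  1. find_executable_uploads(): walks an uploads directory and reports any
     server-executable files (PHP and friends) that have no business in a
     font-icon folder. Use it to triage a site that ran the plugin.
  2. safe_extract(): the allow-list extraction the vulnerable plugin lacked.
     Every entry is validated before anything is written, only known
     font-icon file types are accepted, and entries that would escape the
     destination directory (zip-slip) are rejected.

The sample archives and file names below are constructed for the demo; the
path wp-content/uploads/kaswara/fonts_icon is the one named in the advisory.
"""
from __future__ import annotations

import io
import os
import tempfile
import zipfile
from pathlib import Path

# Extensions a PHP-capable web server commonly executes (assumed list), and the
# allow-list of font assets an icon uploader should accept instead.
EXECUTABLE_EXTS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar"}
FONT_ICON_EXTS = {".svg", ".ttf", ".woff", ".woff2", ".eot", ".css", ".json"}


def find_executable_uploads(root: Path) -> list[Path]:
    """Return files under `root` whose extension marks them as server-executable."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Inspect every suffix so 'icon.php.svg'-style double extensions are caught.
            if {s.lower() for s in Path(name).suffixes} & EXECUTABLE_EXTS:
                hits.append(Path(dirpath) / name)
    return sorted(hits)


def safe_extract(archive: bytes, dest: Path) -> list[str]:
    """Extract only allow-listed font-icon files into `dest`.

    Validates the whole archive first so a bad entry leaves nothing behind.
    Raises ValueError on a disallowed type or a path outside `dest`.
    Returns the entry names that were written.
    """
    dest = dest.resolve()
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        members = [i for i in zf.infolist() if not i.is_dir()]
        for info in members:
            rel = Path(info.filename)
            target = (dest / rel).resolve()
            if dest not in target.parents:
                raise ValueError(f"entry escapes destination: {info.filename}")
            suffixes = {s.lower() for s in rel.suffixes}
            if suffixes & EXECUTABLE_EXTS or rel.suffix.lower() not in FONT_ICON_EXTS:
                raise ValueError(f"disallowed file type: {info.filename}")
        written = []
        for info in members:
            target = (dest / info.filename).resolve()
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(info.filename)
    return written


def build_sample_archive(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {name: content} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def _refused(archive: bytes, dest: Path) -> bool:
    try:
        safe_extract(archive, dest)
        return False
    except ValueError:
        return True


def demo() -> dict:
    """Run both checks against a constructed upload tree; returns the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        uploads = base / "wp-content" / "uploads"
        fonts_dir = uploads / "kaswara" / "fonts_icon"
        fonts_dir.mkdir(parents=True)
        # A clean icon pack is extracted normally.
        clean = build_sample_archive({"pack/icons.svg": b"<svg/>", "pack/icons.woff": b"\x00"})
        extracted = safe_extract(clean, fonts_dir)
        # A pack that smuggles a PHP file, and one that tries to climb out of the
        # destination, are refused before anything is written.
        bad = build_sample_archive({"pack/icons.svg": b"<svg/>", "pack/helper.php": b"<?php echo 1;"})
        slip = build_sample_archive({"../evil.svg": b"<svg/>"})
        # Simulate an already-compromised tree (constructed) and confirm the scan sees it.
        (fonts_dir / "leftover.php").write_bytes(b"<?php echo 1;")
        found = find_executable_uploads(uploads)
        return {
            "extracted": extracted,
            "refused_bad_pack": _refused(bad, fonts_dir),
            "refused_slip": _refused(slip, fonts_dir),
            "executable_files": [p.relative_to(base).as_posix() for p in found],
        }


if __name__ == "__main__":
    print(demo())
```

Run the file directly to see the findings for the constructed tree; on a real site, point find_executable_uploads() at the wp-content/uploads directory after removing the plugin, and treat any hit under kaswara/fonts_icon as a file to quarantine and investigate rather than simply delete.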