Warning for WordPress admins: uninstall the Modern WPBakery plugin immediately!

WordPress admins are being warned to remove a buggy plugin or risk a total site takeover.

This particular threat relates to a plugin which is no longer in use: Modern WPBakery page builder addons. The vulnerability in the plugin, known as CVE-2021-24284, allows “unauthenticated arbitrary file upload via the ‘uploadFontIcon’ AJAX action”. This means that attackers could upload rogue PHP files to the WordPress site, leading to remote code execution and a complete site takeover.

There’s been a sudden increase in attacks related to this abandoned WordPress relic. In 2021, researchers discovered “several vulnerable endpoints” which could lead to injection of malicious JavaScript or even deletion of arbitrary files in Modern WPBakery. This time around, the aim of the game is to once again upload rogue PHP files then inject malicious JavaScript into the site.

Roughly 1.6 million sites have been scanned to check for the plugin’s presence by bad actors, and current estimates suggest somewhere in the region of 4,000 to 8,000 websites are still playing host to the plugin.

Check and remove ASAP

The current advice is to check for the plugin, and then remove it as soon as you possibly can. It’s been completely abandoned, and no security-related fixes will be forthcoming.

If you have it installed, you’re on your own, and it’s likely only a matter of time before the exploiters make their way to your Modern WPBakery hosting website and start getting up to mischief.

Do yourself and your site visitors a favour: Remove this outdated invitation to site-wide compromise as soon as you possibly can.