Warning for WordPress admins: uninstall the Modern WPBakery plugin immediately!
We take a look at a WordPress plugin, abandoned and open to JavaScript-related exploitation. Uninstall it now! This post first appeared on Malwarebytes Labs.
WordPress admins are being warned to remove a buggy plugin or risk a total site takeover.
This particular threat relates to a plugin which is no longer in use: Modern WPBakery page builder addons. The vulnerability in the plugin, known as CVE-2021-24284, allows “unauthenticated arbitrary file upload via the ‘uploadFontIcon’ AJAX action”. This means that attackers could upload rogue PHP files to the WordPress site, leading to remote code execution and a complete site takeover.
There’s been a sudden increase in attacks related to this abandoned WordPress relic. In 2021, researchers discovered “several vulnerable endpoints” which could lead to injection of malicious JavaScript or even deletion of arbitrary files in Modern WPBakery. This time around, the aim of the game is to once again upload rogue PHP files then inject malicious JavaScript into the site.
Roughly 1.6 million sites have been scanned to check for the plugin’s presence by bad actors, and current estimates suggest somewhere in the region of 4,000 to 8,000 websites are still playing host to the plugin.
Check and remove ASAP
The current advice is to check for the plugin, and then remove it as soon as you possibly can. It’s been completely abandoned, and no security-related fixes will be forthcoming.
If you have it installed, you’re on your own, and it’s likely only a matter of time before the exploiters make their way to the website hosting your copy of Modern WPBakery and start getting up to mischief.
Do yourself and your site visitors a favour: Remove this outdated invitation to site-wide compromise as soon as you possibly can.
Related news
An ongoing campaign is actively targeting the vulnerability in the Kaswara Modern WPBakery Page Builder Addon, which is still installed on up to 8,000 sites, security analysts warn.
Researchers from Wordfence have sounded the alarm about a "sudden" spike in cyber attacks attempting to exploit an unpatched flaw in a WordPress plugin called Kaswara Modern WPBakery Page Builder Addons. Tracked as CVE-2021-24284, the issue is rated 10.0 on the CVSS vulnerability scoring system and relates to an unauthenticated arbitrary file upload that could be abused to gain code execution,
WordPress Kaswara Modern WPBakery Page Builder plugin versions 3.0.1 and below suffer from an arbitrary file upload vulnerability.
The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile is unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.
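For the check-and-remove advice above, here is an added example (not code from Malwarebytes, Wordfence or the plugin) that audits a WordPress tree for the plugin and for script-like files under the `wp-content/uploads/kaswara/fonts_icon` upload path named in the CVE description. The `*kaswara*` plugin directory match and the extension list are assumptions; adjust them to your server's handler configuration.

```shell
#!/bin/sh
# Added example: audit a WordPress root for the abandoned Kaswara plugin and
# for server-executable files left in its font-icon upload directory.

kaswara_plugin_dirs() {
    # $1 = WordPress root. Prints plugin directories whose name contains
    # "kaswara" (assumed naming; the page does not give the plugin slug).
    [ -d "$1/wp-content/plugins" ] || return 0
    find "$1/wp-content/plugins" -mindepth 1 -maxdepth 1 -type d -iname '*kaswara*'
}

kaswara_suspect_uploads() {
    # $1 = WordPress root. Scans the parent of fonts_icon so nested or sibling
    # folders from an unzipped archive are covered too. .htaccess is listed
    # because it can remap other extensions to the PHP handler.
    [ -d "$1/wp-content/uploads/kaswara" ] || return 0
    find "$1/wp-content/uploads/kaswara" -type f \( \
        -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \
        -o -iname '*.phar' -o -iname '*.pht' -o -iname '.htaccess' \)
}

kaswara_audit() {
    # Exit status: 0 = nothing found, 1 = plugin installed,
    # 2 = script-like files in the upload path (takes precedence).
    ka_rc=0
    ka_plugins=$(kaswara_plugin_dirs "$1")
    ka_uploads=$(kaswara_suspect_uploads "$1")
    if [ -n "$ka_plugins" ]; then
        echo "Plugin still installed, remove it:"
        echo "$ka_plugins" | sed 's/^/  /'
        ka_rc=1
    fi
    if [ -n "$ka_uploads" ]; then
        echo "Script-like files in the upload path, investigate as a possible compromise:"
        echo "$ka_uploads" | sed 's/^/  /'
        ka_rc=2
    fi
    [ "$ka_rc" -eq 0 ] && echo "No Kaswara plugin directory or script-like uploads under $1"
    return "$ka_rc"
}

# Usage: sh kaswara_audit.sh /var/www/html   (path is an example)
if [ "$#" -gt 0 ]; then
    kaswara_audit "$1"
fi
```

A status of 2 means removing the plugin is not enough: files that were uploaded stay on disk after the plugin is uninstalled and need to be reviewed and cleaned up separately.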