Sudden mutation exploiting a vulnerability in a WordPress plugin

Researchers from Wordfence have sounded the alarm about a "sudden" rise in cyber attacks trying to exploit an unprecedented vulnerability in...

Researchers from Wordfence have sounded the alarm about a "sudden" rise in cyber attacks trying to exploit an unprecedented vulnerability in a WordPress plugin called Kaswara Modern WPBakery Page Builder Addons.

Sudden mutation exploiting a vulnerability in a WordPress plugin

Tracked as CVE-2021-24284 , the issue is rated 10.0 on the CVSS vulnerability logging system and relates to an arbitrary, unauthenticated file upload that could be misused to gain code execution, allowing attackers to take over affected WordPress sites.


Although the bug was originally disclosed in April 2021 by security company WordPress, it still remains unresolved. To make matters worse, the plugin has been shut down and is no longer actively maintained.


Wordfence, which protects more than 1,000 sites where the plugin is installed, said it has blocked an average of 443,868 attack attempts per day since the start of the month.


The attacks originated from 10,215 IP addresses, with the majority of exploit attempts reduced to 10 IP addresses. This includes uploading a zip archive containing a malicious PHP file that allows the attacker to upload files to the infected website.


The goal of the campaign appears to be inserting code into legitimate JavaScript files and redirecting site visitors to malicious websites. It is worth noting that Avast and Sucuri attacks were tracked under the Parrot TDS and NDSW monikers, respectively.

إرسال تعليق

Cookie Consent

We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.