July 15, 2022 By Pierluigi Paganini
Researchers spotted a massive campaign that scanned close to 1.6 million WordPress sites for vulnerable Kaswara Modern WPBakery Page Builder Addons.
The Wordfence Threat Intelligence team observed a sudden increase in attacks targeting the Kaswara Modern WPBakery Page Builder Addons. Threat actors are attempting to exploit an arbitrary file upload vulnerability tracked as CVE-2021-24284. The plugin has been closed, but developers haven’t addressed the issue that still impacts all versions of the plugin. An attacker can trigger the issue to upload malicious PHP files to a website using the vulnerable component, leading to code execution and potentially take over the site. Once they’ve established a foothold, attackers can also inject malicious JavaScript into files on the site, among other malicious actions.