WordPress Page Builder plugin under attack, cannot be fixed

Although the plugin is no longer available, Kaswara Modern WPBakery Page Builder Addons still runs on as many as 8,000 WordPress sites, according to analysts who warn that the plugin’s unpatched file upload vulnerability is under active attack.

The WordPress bug, tracked as CVE-2021-24284, can be used to upload malicious PHP files to an affected website, according to the Wordfence research team. The vulnerability could lead to code execution and complete takeover of the site, the researchers warn. The plugin has been shut down without a fix, and the Wordfence team says all versions are affected by the bug.

Wordfence sounded the alarm after seeing nearly half a million attacks per day since early July. The campaign used the NDSW Trojan to inject code into legitimate JavaScript files and redirect users to malicious domains.

In their advisory on the WordPress plugin, the team points out that this is a “serious vulnerability that could lead to a complete site takeover” and that “the developer has not responded to the fix”. Since the plugin is unlikely to ever receive a patch for this critical vulnerability, “the best option is to completely remove the Kaswara Modern WPBakery Page Builder Addons plugin from your WordPress website,” the researchers advise.
