18 July 2022

Thousands of websites run buggy WordPress plugin that allows complete takeover

Tracked as CVE-2021-24284, the vulnerability affects Kaswara Modern WPBakery Page Builder Addons and, if exploited, would allow criminals to upload malicious JavaScript files and even completely take over an organization's website. All versions are susceptible and there's no patch, so now's a good time to remove this add-on.

Wordfence disclosed the flaw almost three months ago, and in a new advisory this week warned that criminals are increasing attacks — the WordPress security shop claims it blocked an average of 443,868 attack attempts per day on its customers' sites. 

Software developers never patched the bug, and the plugin is now closed, which means that all versions are susceptible to an attack. The bug hunters estimated between 4,000 and 8,000 websites still have the vulnerable plugin installed, and noted that while 1,599,852 unique sites were targeted, a majority of those weren't running the plugin.

www.theregister.com

