Defiant researchers noted a surge in attacks against WordPress sites having Kaswara Modern WPBakery Page Builder as a plugin since it’s plagued with a security bug that hasn’t received any patch.
Mass Scanning Across The Web
Exploiting vulnerable WordPress themes or plugins to takeover the relying site is usual, just as the concerned developer passes patches to secure them. But, since July 4th, attackers are mass scanning the web to find WordPress sites with a vulnerable plugin – that was abandoned by the concerned developer!
This puts millions of sites using the plugin – Kaswara Modern WPBakery Page Builder at risk, which is plagued with critical severity flaw tracked as CVE-2021-24284. Researchers noted that anyone exploiting this could successfully take over the site remotely, as they can upload malicious files and make changes as desired.
As of today, researchers at Defiant noted that 1,599,852 unique sites are being targeted by hackers to exploit this plugin. And since July 4th, there have been an average of half a million hits targeting sites with this faulted plugin.
Since the author of Kaswara Modern WPBakery Page Builder has abandoned developing it, researchers warned WordPress users having this plugin of the potential threat.
Other Trending News:- News