The Wordfence Threat Intelligence team has been monitoring a sudden increase in attack attempts targeting Kaswara Modern WPBakery Page Builder Addons. This ongoing campaign is attempting to take advantage of an arbitrary file upload vulnerability, tracked as CVE-2021-24284, which has been previously disclosed and has not been patched on the now closed plugin. As the plugin was closed without a patch, all versions of the plugin are impacted by this vulnerability. The vulnerability can be used to upload malicious PHP files to an affected website, leading to code execution and complete site takeover. Once they’ve established a foothold, attackers can also inject malicious JavaScript into files on the site, among other malicious actions.
You may also like
How to Create a Storewide Sale in WooCommerce
Trying to figure out how to create a storewide...
Top 5 Exciting Reasons to Start Drop Shipping Business Right Now
You’ve been contemplating starting an ecommerce...
How to Display Most Popular Tags in WordPress (2 Easy Methods)
Do you want to display the most popular tags used...