The Wordfence Threat Intelligence team has been monitoring a sudden increase in attack attempts targeting Kaswara Modern WPBakery Page Builder Addons. This ongoing campaign is attempting to take advantage of an arbitrary file upload vulnerability, tracked as CVE-2021-24284, which has been previously disclosed and has not been patched on the now closed plugin. As the plugin was closed without a patch, all versions of the plugin are impacted by this vulnerability. The vulnerability can be used to upload malicious PHP files to an affected website, leading to code execution and complete site takeover. Once they’ve established a foothold, attackers can also inject malicious JavaScript into files on the site, among other malicious actions.
You may also like
Techniques to Raise Membership Sales For 2024
2024 Membership Sales: Proven Strategies for...
What is Microlearning – Advice For Associations
Benefits of Microlearning: Boost Engagement and...
Try The Divi 5 Alpha Demo Today!
I am back with another Divi 5 update, and today...