On WordPress, this plugin, vulnerable for more than a year, is still an attack vector


Nathan Le Gohlisse

Hardware Specialist

July 19, 2022 at 3:25 p.m.


© Souvik Banerjee – Unsplash

An unpatched flaw in a simple plugin is causing a wave of panic on WordPress. Wordfence now identifies over 400,000 attempts to exploit this flaw every day.

Kaswara Modern WPBakery Page Builder Addons is the name of a plugin that has been causing a stir for several days among security researchers working on WordPress. This extension contains a flaw discovered in April 2021… which has, to date, still not been patched. And since early July, hackers have been actively trying to take advantage of it.

Wordfence is sounding the alarm…

Tracked as CVE-2021-24284, this flaw is considered critical. It allows unauthenticated arbitrary file upload, which can in turn be exploited to obtain code execution. Hackers can therefore potentially take control of websites that use the vulnerable plugin.

© Wordfence

And there are many such sites. According to Wordfence, between 4,000 and 8,000 sites have installed this plugin, which is no longer supported by its developers. Even more worrying, an average of 443,868 attacks aimed at exploiting this flaw have been carried out every day since the beginning of the month, from just over 10,000 different IP addresses. TheHackerNews reports, however, that most of these attempts actually come from 10 IP addresses.

In the absence of an immediate fix, if you use the Kaswara Modern WPBakery Page Builder Addons plugin on your site, you are strongly advised to delete it.

Source: TheHackerNews

WordPress

  • Quick learning
  • Thousands of themes
  • Almost 60,000 extensions

WordPress is the undisputed star of the web. Its ergonomics, the richness of its templates (responsive, free or paid), its myriad extensions and its SEO capabilities are attractive. On the other hand, it attracts most cyberattacks and quickly becomes slow. WordPress site owners tend to accumulate useless plugins, often without updating them. Depending on the needs of the company or the individual, it is therefore necessary to check whether this CMS is the right fit.
