Widespread Attack on WordPress Sites Targets Tatsu Builder Plug-in

  /     /     /  
Publicated : 23/11/2024   Category : security


Widespread Attack on WordPress Sites Targets Tatsu Builder Plug-in


A widespread attack is underway to exploit known RCE flaw in Tatsu Builder WordPress plug-in, according to a new report.



A no-code page builder WordPress plug-in, Tatsu Builder, has a known remote code execution (RCE) flaw thats under active attack, researchers report, exposing as many as 50,000 sites to takeover. 
The Wordfence threat intelligence team is raising the alarm over what it calls a widespread attack attempting to exploit 
CVE-2021-25094
, publicly disclosed on March 24. The vulnerability impacts both the premium and free versions of Tatsu Builder. 
Because its not listed on Wordpress.org, the team says it doesnt know exactly how many installations the plug-in has, but they estimate its anywhere from 20,000 to 50,000 sites. 
The Wordfence report says the
Wordpress plug-in attacks
first popped up on May 10, and by May 14 threat actors had already launched 5.9 million attacks against 1.4 million
sites running Tatsu Builder

“When it comes to cybersecurity, most organizations give little thought to their websites, Chris Olson, CEO of the Media Trust, said in a statement in reaction to the attacks. The Tatsu vulnerability shows us why this is a mistake: websites — which play a key role in marketing and revenue generation — are increasingly targeted by hackers, making them a source of risk to customers and casual visitors. 

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Widespread Attack on WordPress Sites Targets Tatsu Builder Plug-in