WordPress Page Builder Plug-in Under Attack, Cant Be Patched

  /     /     /  
Publicated : 23/11/2024   Category : security

WordPress Page Builder Plug-in Under Attack, Cant Be Patched


An ongoing campaign is actively targeting the vulnerability in the Kaswara Modern WPBakery Page Builder Addon, which is still installed on up to 8,000 sites, security analysts warn.


Although the plug-in is no longer available, the Kaswara Modern WPBakery Page Builder Addons is still running on as many as 8,000 WordPress sites, according to analysts who warn the apps unpatched file upload vulnerability is under active attack. 
The
WordPress bug
, tracked under
CVE-2021-24284
, can be used to upload malicious PHP files to an affected website, according to the research team at Wordfence. The vulnerability could lead to code execution and complete site takeover, the researchers warn. The plug-in was closed without a patch and the Wordfence team says all versions are affected by the bug.
Wordfence raised the alarm that it has seen nearly a half-million daily attacks since the beginning of July. The campaign has used the NDSW Trojan to inject code into legitimate JavaScript files and redirect users to malicious domains.
The team stresses this is a serious vulnerability that can lead to complete site takeover and that the developer has not been responsive regarding the patch in their advisory on the
WordPress plug-in
. Since it is unlikely the plug-in will ever receive a patch for this critical vulnerability, the best option is to fully remove the Kaswara Modern WPBakery Page Builder Addons plugin from your WordPress website, the researchers advise. 

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
WordPress Page Builder Plug-in Under Attack, Cant Be Patched