Cyber criminals have spotted an abandoned WordPress plugin that is vulnerable to a very serious flaw and are now scanning for websites that use it.
Security firm Wordfence discovered that cybercriminals have scanned nearly 1.6 million WordPress sites looking for the vulnerable plugin since July 4.
Fortunately, only a small fraction of websites use the plugin, significantly reducing the potential threat landscape.
Half a million attacks a day
The plugin in question is called Kaswara Modern WPBakery Page Builder. It has reportedly been abandoned by the authors and no longer receives updates. As such, it is vulnerable to CVE-2021-24284.
This vulnerability allows threat actors to upload and download files to and from vulnerable WordPress websites, which could lead to complete takeover of the site.
Defiant, the company behind Wordfence, says its customers see nearly half a million attack attempts per day. The attacks originate from more than 10,000 unique IP addresses, although the volume varies between them; some IP addresses generate “millions of requests,” it added.
The researchers suggest administrators remove the Kaswara Modern WPBakery Page Builder Addons plugin from their websites immediately; those who don’t use it should still block the attackers’ IP addresses.
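As an added defensive example (not from the article, Wordfence or the plugin's authors), the following Python triage script parses constructed web-server access-log lines, counts requests that touch the plugin's directory per source IP, and returns the sources that exceed a threshold so an administrator can block them. The plugin's on-disk slug `kaswara`, the file names and the log lines are assumptions; none of it is real traffic.

```python
import re
from collections import Counter

# Assumed plugin directory name: the article names the plugin but not its
# on-disk slug, so adjust this placeholder to match the real install.
PLUGIN_SLUG = "kaswara"
PLUGIN_DIR = f"/wp-content/plugins/{PLUGIN_SLUG}/"

# Combined log format (nginx/Apache):
# ip - - [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return a dict with ip/method/path/status, or None if the line is malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def plugin_requests(lines):
    """Yield parsed entries whose request path lies under the plugin directory."""
    for line in lines:
        entry = parse_line(line)
        if entry and PLUGIN_DIR in entry["path"]:
            yield entry


def ips_to_block(lines, threshold):
    """Map source IP -> hit count for IPs that probed the plugin at least `threshold` times."""
    counts = Counter(e["ip"] for e in plugin_requests(lines))
    return {ip: n for ip, n in counts.items() if n >= threshold}


# Constructed sample log lines using documentation IP ranges (not real traffic).
SAMPLE_LOG = [
    '192.0.2.1 - - [05/Jul/2022:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.5 - - [05/Jul/2022:10:00:01 +0000] "GET /wp-content/plugins/kaswara/readme.txt HTTP/1.1" 404 153',
    '203.0.113.5 - - [05/Jul/2022:10:00:02 +0000] "POST /wp-content/plugins/kaswara/probe.php HTTP/1.1" 404 153',
    '198.51.100.9 - - [05/Jul/2022:10:00:03 +0000] "GET /wp-content/plugins/kaswara/readme.txt HTTP/1.1" 404 153',
    '203.0.113.5 - - [05/Jul/2022:10:00:04 +0000] "POST /wp-content/plugins/kaswara/probe.php HTTP/1.1" 404 153',
    'this line is not a valid log entry',
]

if __name__ == "__main__":
    for ip, n in ips_to_block(SAMPLE_LOG, threshold=2).items():
        print(f"block {ip}: {n} plugin probes")
```

A 404 status on these probes shows the plugin is absent but the host is still being scanned, which is why the article recommends blocking the sources even on sites that never installed it.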
The details can be found on the Wordfence blog.
WordPress is the world’s number one website builder and accounts for a significant portion of all websites in the world. As such, it is a prime target for cyber criminals. But WordPress as a platform is relatively secure, and only a few vulnerabilities are found in the core platform itself.
The majority are found in WordPress plugins, which are almost exclusively third-party. Some of them are commercial and have experienced teams that provide regular updates. Others, however, are free to use and often don’t get as many updates as needed, putting users at risk of identity theft, data theft, website corruption, and a host of other cyber-attacks.
Via: BleepingComputer