[ad_1]
The Wordfence team at WordPress security company Defiant warns of an increase in attacks targeting an unpatched vulnerability in the Kaswara addon for the WPBakery Page Builder WordPress plugin.
Tracked as CVE-2021-24284 (CVSS score of 10) and disclosed in April 2021, the critical-severity security bug allows an unauthenticated attacker to upload malicious PHP files to a vulnerable site, potentially achieving remote code execution.
According to Wordfence, an attacker can exploit the flaw to inject malicious JavaScript code into any file on the WordPress installation and completely take…
More Info
