Attackers scan 1.6 million WordPress sites for vulnerable plugin

Security researchers have detected a massive campaign that scanned close to 1.6 million WordPress sites for the presence of a vulnerable plugin that allows uploading files without authentication.

The attackers are targeting the Kaswara Modern WPBakery Page Builder, which has been abandoned by its author before receiving a patch for a critical severity flaw tracked as CVE-2021-24284.

The vulnerability would allow an unauthenticated attacker to inject malicious Javascript to sites using any version of the plugin and perform actions like uploading and deleting files, which could lead to…


More Info

About mblog.my

Check Also

Why do you need Themesinfo WordPress theme detector?

When you are taking steps to build your websites, there are specific modern tools available. …

Leave a Reply

Your email address will not be published. Required fields are marked *