The Wordfence Threat Intelligence team is reporting on a sudden increase in attack attempts targeting Kaswara Modern WPBakery Page Builder Addons. This is an ongoing campaign targeting an arbitrary file upload vulnerability, tracked as CVE-2021-24284, which though previously disclosed, had not been patched they closed the plugin.
“As the plugin was closed without a patch, all versions of the plugin are impacted by this vulnerability. The vulnerability can be used to upload malicious PHP files to an affected website, leading to code execution and complete site takeover.
“We have blocked an average of 443,868 attack attempts per day against the network of sites that we protect during the course of this campaign. Please be aware that while 1,599,852 unique sites were targeted, a majority of those sites were not running the vulnerable plugin.”
An expert with Horizon3.ai offers perspective.