August 15, 2022

TheCyberThrone

Thinking Security ! Always

WordPress Plug-in Kaswara bug – Millions of websites affected

A severe vulnerability existed in Kaswara Modern WPBakery Page Builder WordPress Addons are affecting millions of websites.

The Kaswara Addon was abandoned by its author before an arbitrary file upload vulnerability, tracked as CVE-2021-24284, came to light and now its been patched. Kaswara Modern WPBakery Page Builder Addons have a vulnerability that allows a way to upload malicious PHP files to an affected website, leading to code execution and complete site takeover.

Advertisements

It is recommended that any users of Kaswara Modern WPBakery Page Builder Addons deactivate and then purge. Even if you have this addon and it is not activated on your site, it should still be deleted.

Wordfence notes that it has blocked nearly half a million attack attempts a day since early July, attacks which unprotected sites with this addon would fall victim to. The makers of Wordfence say that roughly 1.6M sites under its protection have been targeted repeatedly by attackers seeking out this vulnerability.

Top 10 IP Addresses exploiting the bug

  • 217.160.48.108 with 1,591,765 exploit attempts blocked
  • 5.9.9.29 with 898,248 exploit attempts blocked
  • 2.58.149.35 with 390,815 exploit attempts blocked
  • 20.94.76.10 with 276,006 exploit attempts blocked
  • 20.206.76.37 with 212,766 exploit attempts blocked
  • 20.219.35.125 with 187,470 exploit attempts blocked
  • 20.223.152.221 with 102,658 exploit attempts blocked
  • 5.39.15.163 with 62,376 exploit attempts blocked
  • 194.87.84.195 with 32,890 exploit attempts blocked
  • 194.87.84.193 with 31,329 exploit attempts blocked
%d bloggers like this: