A severe vulnerability existed in Kaswara Modern WPBakery Page Builder WordPress Addons are affecting millions of websites.
The Kaswara Addon was abandoned by its author before an arbitrary file upload vulnerability, tracked as CVE-2021-24284, came to light and now its been patched. Kaswara Modern WPBakery Page Builder Addons have a vulnerability that allows a way to upload malicious PHP files to an affected website, leading to code execution and complete site takeover.
It is recommended that any users of Kaswara Modern WPBakery Page Builder Addons deactivate and then purge. Even if you have this addon and it is not activated on your site, it should still be deleted.
Wordfence notes that it has blocked nearly half a million attack attempts a day since early July, attacks which unprotected sites with this addon would fall victim to. The makers of Wordfence say that roughly 1.6M sites under its protection have been targeted repeatedly by attackers seeking out this vulnerability.
Top 10 IP Addresses exploiting the bug
- 184.108.40.206 with 1,591,765 exploit attempts blocked
- 220.127.116.11 with 898,248 exploit attempts blocked
- 18.104.22.168 with 390,815 exploit attempts blocked
- 22.214.171.124 with 276,006 exploit attempts blocked
- 126.96.36.199 with 212,766 exploit attempts blocked
- 188.8.131.52 with 187,470 exploit attempts blocked
- 184.108.40.206 with 102,658 exploit attempts blocked
- 220.127.116.11 with 62,376 exploit attempts blocked
- 18.104.22.168 with 32,890 exploit attempts blocked
- 22.214.171.124 with 31,329 exploit attempts blocked