WordPress sites with millions of users are being scanned for potential threats
Cybercriminals are searching for websites utilizing an abandoned WordPress (opens in new tab) plugin because it has a high-severity vulnerability. Since July 4, hackers have searched over 1.6 million WordPress sites for the vulnerable plugin, according to security company Wordfence. Fortunately, only a very tiny percentage of websites are using the plugin, thus reducing the threat environment. The aforementioned plugin is referred to as Kaswara Modern WPBakery Page Builder. It allegedly no longer receives updates because its creators have abandoned it. It is therefore susceptible to CVE-2021-24284.
Threat actors are able to upload and download files to and from susceptible WordPress websites thanks to this vulnerability, which could result in a total site takeover. The firm that makes Wordfence, Defiant, claims that its users experience approximately 500,000 daily attempted attacks. Despite differences in magnitude, the attacks originate from more than 10,000 different IP addresses. It was claimed that some IP addresses were producing “millions of requests.” Researchers advise website administrators to immediately delete the Kasware Modern WPBakery Page Builder Addons plugin from their websites; for those who don’t use it, they should still block the attackers’ IP addresses.
However, WordPress is a relatively secure platform; there are very few flaws that can be detected there directly. The majority can be found in third-party WordPress plugins, which are the majority. Some of them are for profit, and skilled teams often provide updates. Some, on the other hand, put their users at risk of identity theft, data theft, defacement of websites, and other problems because they are free to use and don’t get nearly as many updates as they should.