![]() ![]() Wordfence Premium customers received firewall rules this morning, on April 21, 2021, to protect against active exploitation of these vulnerabilities. We have identified several vulnerabilities in this plugin which could allow unauthenticated attackers the ability to take over vulnerable WordPress sites, and numerous other vulnerabilities with lesser impacts. Due to the fact that this plugin has been closed and the plugin developer has been unresponsive, we urge you to remove this plugin completely from your WordPress site immediately. ![]() In addition to the actively exploited flaw, we discovered several vulnerable endpoints that could allow attackers to do a wide range of things like deleting arbitrary files and injecting malicious Javascript. This vulnerability was reported this morning to WPScan by “Robin Goodfellow.” The exploited flaw makes it possible for unauthenticated attackers to upload malicious PHP files to a WordPress site and ultimately achieve remote code execution to take over the site. Today, April 21, 2021, the Wordfence Threat Intelligence team became aware of a critical 0-day vulnerability that is being actively exploited in Kaswara Modern WPBakery Page Builder Addons, a premium plugin that we estimate has over 10,000 installations. PSA: Remove Kaswara Modern WPBakery Page Builder Addons Plugin Immediately
0 Comments
Leave a Reply. |