Millions of WordPress sites are scanned for potential attacks


Cybercriminals spotted an abandoned WordPress (opens in a new tab) plugin which is vulnerable to a high-severity flaw and is now tracking all websites that use it.

Security firm Wordfence discovered that since July 4, cybercriminals have scanned nearly 1.6 million WordPress sites for the vulnerable plugin.

Luckily, only a small portion of websites run the plug-in, which significantly reduces the landscape of potential threats.

Half a million attacks per day

The plugin in question is called Kaswara Modern WPBakery Page Builder. Apparently, it has been abandoned by its authors and no longer receives updates. As such, it is vulnerable to CVE-2021-24284.

This vulnerability allows threat actors to upload and download files to and from vulnerable WordPress websites, which could mean a complete takeover of the site.

Defiant, the company behind Wordfence, claims its customers experience nearly half a million attempted attacks per day. Attacks originate from more than 10,000 unique IP addresses, although the volume between them varies. Some IP addresses generate “millions of requests”, it added.

The researchers suggest administrators immediately remove the Kasware Modern WPBakery Page Builder Addons plugin from their websites, and for those who don’t use it, they should still block attackers’ IP addresses.

Details can be found on the Wordfence blog here (opens in a new tab).

WordPress is the number one website builder in the world (opens in a new tab), accounting for a significant share of all websites worldwide. As such, it is a major target for cyber criminals. But WordPress as a platform is relatively secure, and only a few basic points of vulnerabilities are found directly on the platform.

The majority are found in WordPress plugins, which are almost exclusively third-party. Some of them are commercial and have experienced teams that provide regular updates. Others, however, are free and often don’t get as many updates as needed, putting users at risk of identity theft, data theft, website defacing, and many more. cyberattacks.

Via: BleepingComputer (opens in a new tab)


Comments are closed.