Last updated on August 9th, 2022 at 01:57 am
The WordPress plugin, which allows editing and customizing WordPress pages without writing any code, is vulnerable to a vulnerability that could allow file uploads without authentication. Threat actors hacking campaigns are targeting approximately 1.6 million WordPress sites through this vulnerable plugin.
Due to the low probability of getting an update, it is recommended that the plugin be removed from use immediately, and alternatives should be found.
In addition, even if the plugin is not used, it is recommended that the IP addresses detected in the attack campaign be blocked from the security devices in use.