The WordPress plugin, which allows editing and customizing WordPress pages without writing any code, is vulnerable to a vulnerability that could allow file uploads without authentication. Threat actors hacking campaigns are targeting approximately 1.6 million WordPress sites through this vulnerable plugin.

The critical vulnerability, tracked as CVE-2021-24284, allows an unauthenticated threat actor to inject malicious Javascript code into sites using any version of the plugin, resulting in a complete site takeover. Additionally, a trojan malware called NDSW is deployed that will redirect visitors to phishing and harmful advertising pages by injecting malicious code into legitimate Javascript files.

wpbakery page builder plugin's vulnerability affects 1.6 million wordpress sites — WPBakery Page Builder Plugin's Vulnerability Affects 1.6 Million WordPress Sites

Due to the low probability of getting an update, it is recommended that the plugin be removed from use immediately, and alternatives should be found.

In addition, even if the plugin is not used, it is recommended that the IP addresses detected in the attack campaign be blocked from the security devices in use.

CVE-2021-24284 WordPress WPBakery Page Builder

WPBakery Page Builder Plugin's Vulnerability Affects 1.6 Million WordPress Sites

WPBakery Page Builder Plugin's Vulnerability Affects 1.6 Million WordPress Sites

European Focused Threat Actors – Who Actively Continue Their Strategies

Critical 0-Day Alarm in Microsoft Exchange Server

European Focused Threat Actors – APT Groups

Multiple Vulnerabilities Detected in Solarwinds Orion

Security News – Week 39

Zebrocy Malware Technical Analysis Report

Related Posts

Critical 0-Day Alarm in Microsoft Exchange Server

Multiple Vulnerabilities Detected in Solarwinds Orion

Critical RCE Alarm in Sophos Firewall Solutions

AffectMe: The Critical Vulnerability in Oracle Cloud Infrastructure

We know what hackers know about you

Solutions

Use Case

Partners

Company