Last updated on August 9th, 2022 at 01:57 am
The WordPress plugin, which allows editing and customizing WordPress pages without writing any code, is vulnerable to a vulnerability that could allow file uploads without authentication. Threat actors hacking campaigns are targeting approximately 1.6 million WordPress sites through this vulnerable plugin.
The critical vulnerability, tracked as CVE-2021-24284, allows an unauthenticated threat actor to inject malicious Javascript code into sites using any version of the plugin, resulting in a complete site takeover. Additionally, a trojan malware called NDSW is deployed that will redirect visitors to phishing and harmful advertising pages by injecting malicious code into legitimate Javascript files.
Due to the low probability of getting an update, it is recommended that the plugin be removed from use immediately, and alternatives should be found.
In addition, even if the plugin is not used, it is recommended that the IP addresses detected in the attack campaign be blocked from the security devices in use.
