Millions of WordPress sites are being scanned for potential attacks

WordPress logo
(Image credit: WordPress)

Cybercriminals have spotted an abandoned WordPress plugin that is vulnerable to a high-severity flaw, and are now on the hunt for any websites using it. 

Security firm Wordfence found that since July 4, cybercriminals have scanned almost 1.6 million WordPress site in search of the vulnerable plugin. 

Luckily, only a small portion of websites are running the plugin, significantly reducing the potential threat landscape. 

Half a million attacks a day

The plugin in question is called Kaswara Modern WPBakery Page Builder. Allegedly, it’s been abandoned by its authors, and is no longer receiving updates. As such, it is vulnerable to CVE-2021-24284.

This vulnerability allows threat actors to upload and download files to and from vulnerable WordPress websites, which could mean complete site takeover.

Defiant, the company behind Wordfence, says their customers are getting almost half a million attack attempts a day. The attacks are coming from more than 10,000 unique IP addresses, although the volume between them varies. Some IP addresses are generating “millions of requests”, it was added.

The researchers are suggesting admins to remove the Kasware Modern WPBakery Page Builder Addons plugin from their websites immediately, and for those that don’t use it - they should still block the attackers’ IP addresses.

The details can be found on the Wordfence blog here.

WordPress is the world’s number one website builder, accounting for a significant portion of all the websites in the world. As such, it is a major target for cybercriminals. But WordPress as a platform is relatively safe, and only a few basis points of vulnerabilities are found directly on the platform.

The majority is found in WordPress plugins, which are almost exclusively third-party. Some of them are commercial, and have experienced teams contributing regular updates. Others, however, are free-to-use and often don’t get nearly as many updates as needed, leaving users at risk of identity theft, data theft, website defacement, and numerous other cyberattacks.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.