On April 21, 2021, the Wordfence Threat Intelligence reported a critical 0-day vulnerability that is being actively exploited in Kaswara Modern WPBakery Page Builder Addons.
This vulnerability was reported this morning to WPScan by “Robin Goodfellow.” The exploited flaw makes it possible for unauthenticated attackers to upload malicious PHP files to a WordPress site and ultimately achieve remote code execution to take over the site.
Due to the fact that this plugin has been closed and the plugin developer has been unresponsive, they urge you to remove this plugin completely from your WordPress site immediately. They have identified several vulnerabilities in this plugin which could allow unauthenticated attackers the ability to take over vulnerable WordPress sites, and numerous other vulnerabilities with lesser impacts.
|Description||Arbitrary File Upload/Deletion and Other|
|Affected Plugin||Kaswara Modern WPBakery Page Builder Addons|
|Affected Versions||<= 3.0.1|
|CVSS Score||10.0 (Critical)|
|Fully Patched Version||NO AVAILABLE PATCH|
(Wordfence / Security Land)