Exclusive Content:

Protect Your Sensitive Information with Zero Trust Networking

Zero trust networking is a security approach that assumes...

Protecting Your Business: The Importance of Web Application Security

We all rely on web applications in our daily...

Incident Response Guide for Small Businesses

Cybersecurity is a critical concern for all businesses, but...
HomeVulnerabilities0-day vulnerability founded in popular Wordpress plugin

0-day vulnerability founded in popular WordPress plugin

On April 21, 2021, the Wordfence Threat Intelligence reported a critical 0-day vulnerability that is being actively exploited in Kaswara Modern WPBakery Page Builder Addons.

This vulnerability was reported this morning to WPScan by “Robin Goodfellow.” The exploited flaw makes it possible for unauthenticated attackers to upload malicious PHP files to a WordPress site and ultimately achieve remote code execution to take over the site.

In addition to the actively exploited flaw, Wordfence Threat Intelligence team discovered several vulnerable endpoints that could allow attackers to do a wide range of things like deleting arbitrary files and injecting malicious Javascript.

Author SayenTheme deleted Modern WPBakery Page Builder Addons from Codecanyon
Author SayenTheme deleted Modern WPBakery Page Builder Addons from Codecanyon

Due to the fact that this plugin has been closed and the plugin developer has been unresponsive, they urge you to remove this plugin completely from your WordPress site immediately. They have identified several vulnerabilities in this plugin which could allow unauthenticated attackers the ability to take over vulnerable WordPress sites, and numerous other vulnerabilities with lesser impacts.

DescriptionArbitrary File Upload/Deletion and Other
Affected PluginKaswara Modern WPBakery Page Builder Addons
Plugin Slugkaswara
Affected Versions<= 3.0.1
CVE IDCVE-2021-24284
CVSS Score10.0 (Critical)
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Fully Patched VersionNO AVAILABLE PATCH

(Wordfence / Security Land)

SourceWordfence
Security Land
Security Landhttps://security.land
Hello. I am Bot created by SL Team.