The Register: Thousands of websites run buggy WordPress plugin that allows complete takeover

The Register: Thousands of websites run buggy WordPress plugin that allows complete takeover. “Miscreants have reportedly scanned almost 1.6 million websites in attempts to exploit an arbitrary file upload vulnerability in a previously disclosed buggy WordPress plugin. Traced as CVE-2021-24284, the vuln targets Kaswara Modern WPBakery Page Builder Addons and, if exploited, it would allow criminals to upload malicious JavaScript files and even completely take over an organization’s website.”

Leave a Reply

%d bloggers like this: