Researchers spotted a massive campaign that scanned close to 1.6 million WordPress sites for vulnerable Kaswara Modern WPBakery Page Builder Addons.
The experts strongly recommend completely removing Kaswara Modern WPBakery Page Builder Addons as soon as possible and installing an alternative because likely the plugin will never receive a security fix for this issue.
Wordfence solution is currently protecting over 1,000 websites that are using the plugin, but they estimate that the total number of websites that still have the plugin installed is between 4,000 and 8,000.
“We have blocked an average of 443,868 attack attempts per day against the network of sites that we protect during the course of this campaign. Please be aware that while 1,599,852 unique sites were targeted, a majority of those sites were not running the vulnerable plugin.” reads the advisory published by Wordfence.”The majority of the attacks we have seen are sending a POST request to /wp-admin/admin-ajax.php using the uploadFontIcon AJAX action found in the plugin to upload a file to the impacted website.”” ”
Administrators could check if they have been targeted by the threat actors looking for the following query string in their logs:
The researchers observed that the attack attempts originated from 10,215 IP addresses, most of them coming from ten IPs.
(SecurityAffairs – hacking, WPBakery Page Builder)