"Attackers Scan 1.6 Million WordPress Sites for Vulnerable Plugin"

Researchers have discovered a massive campaign that scanned nearly 1.6 million WordPress sites for the presence of a vulnerable plugin that enables file uploads without authentication. The attackers are focusing on the Kaswara Modern WPBakery Page Builder, which was abandoned by its author prior to receiving a patch for a critical severity flaw tracked as CVE-2021-24284. The flaw would allow an unauthenticated attacker to inject malicious JavaScript into sites using any version of the plugin and perform actions such as uploading and deleting files, potentially leading to a complete site takeover.

While the campaign's size is impressive, with 1,599,852 distinct sites targeted, only a small percentage of them are running the vulnerable plugin. Researchers at Defiant, the maker of the Wordfence WordPress security solution, observed nearly half a million attack attempts per day against the customer sites they protect. The attacks began on July 4, according to Wordfence telemetry data, and are still being attempted at a rate of 443,868 per day. The researchers found that the attacks originate from 10,215 distinct IP addresses, with some generating millions of requests while others are limited to lower numbers.

This article continues to discuss the surge in attacks against an abandoned WordPress plugin.

Bleeping Computer reports "Attackers Scan 1.6 Million WordPress Sites for Vulnerable Plugin"
