Researchers have spotted scans against 1.6 million WordPress sites looking for the vulnerable Kaswara Modern WPBakery Page Builder Addons plugin.
According to the Wordfence Threat Intelligence team, attackers have been targeting an arbitrary file upload vulnerability (CVE-2021-24284) via the ‘uploadFontIcon’ AJAX action in the now-closed plugin.
NIST rates this vulnerability as Critical severity (CVSS score of 9.8).
Moreover, Wordfence said it has blocked an average of 443,868 attack attempts per day against Wordfence-protected sites during the recent campaign.
Although nearly 1.6 million sites have been under attack, Wordfence confirmed the “majority of those sites were not running the vulnerable plugin.”
As Wordfence recommended in an April post, users should disable and remove the Kaswara Modern WPBakery Page Builder Addons plugin as soon as possible, since a patch for this critical vulnerability is highly unlikely.
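
For site owners who want to check whether their own server was scanned, the following is an added example (not code from Wordfence or the plugin) that searches web access logs for requests naming the ‘uploadFontIcon’ action. It assumes combined-format access logs, the standard WordPress AJAX endpoint `/wp-admin/admin-ajax.php`, and that the action name appears in the query string; an action sent only in the request body does not show up in access logs. The function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
AJAX_PATH = "/wp-admin/admin-ajax.php"  # standard WordPress AJAX endpoint
ACTION = "uploadfonticon"               # action named in the report, lower-cased

def find_probes(lines):
    """Return one dict per request that names the uploadFontIcon action."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        url = urlsplit(m["target"])
        # endswith() also covers WordPress installed in a subdirectory
        if not url.path.lower().endswith(AJAX_PATH):
            continue
        actions = [a.lower() for a in parse_qs(url.query).get("action", [])]
        if ACTION in actions:
            hits.append({"ip": m["ip"], "time": m["time"],
                         "status": int(m["status"])})
    return hits

def summarize(hits):
    """Probes per source IP, plus hits the server did not reject (triage hint)."""
    per_ip = Counter(h["ip"] for h in hits)
    not_rejected = [h for h in hits if h["status"] < 400]
    return per_ip, not_rejected

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=uploadFontIcon HTTP/1.1" 400 1 "-" "-"',
    '203.0.113.7 - - [01/Jan/2024:10:01:05 +0000] "POST /blog/wp-admin/admin-ajax.php?action=uploadFontIcon HTTP/1.1" 200 24 "-" "-"',
    '198.51.100.20 - - [01/Jan/2024:10:02:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "-"',
    '198.51.100.9 - - [01/Jan/2024:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    per_ip, not_rejected = summarize(find_probes(SAMPLE))
    for ip, n in per_ip.most_common():
        print(f"{ip}: {n} uploadFontIcon request(s)")
    for h in not_rejected:
        print(f"review: {h['ip']} at {h['time']} got HTTP {h['status']}")
```

A matching request only shows that the site was scanned. A response that was not rejected is a prompt to confirm whether the plugin is installed and to remove it, not proof of compromise.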