nz

Online Zeitung

Vulnerable Kaswara Modern WPBakery Page Builder Addons Plugin Being Exploited in the Wild — Jetpack: WordPress Security, Performance, and Growth

Back on April 20th, 2021, our friends at WPScan reported a severe vulnerability on Kaswara Modern VC Addons, also known as Kaswara Modern WPBakery Page Builder Addons. It is not available anymore at Codecanyon/Envato, meaning that if you have this running, you must choose an alternative. This vulnerability allows unauthenticated users to upload arbitrary files to the plugin’s icon directory (./wp-content/uploads/kaswara/icons). This is the first Indicator Of Compromise (IOC) our friends at WPScan shared with us in their report. The ability to upload arbitrary files to a website gives the bad actor full control over the site, which makes it hard to define the final payload of this infection; thus, we’ll show you everything we found so far (we got a little carried away on the research, so feel free to jump to the IOC section if you don’t want to read through).

Vulnerable Kaswara Modern WPBakery Page Builder Addons Plugin Being Exploited in the Wild — Jetpack: WordPress Security, Performance, and Growth

Author: Nilzeitung

Danke für ihren Besuch.!!"dieser Seite im Aufbau". Es stimmt, dass es keine Freiheit ohne Pressefreiheit gibt. Wahrer Frieden des Journalismus ist eine der Säulen der Demokratie (Salah El-Nemr) se/nz.

Comments are closed.