Researchers have detected a massive campaign of scanning WordPress sites for a vulnerability that allowed uploading files without authentication.
Hackers are targeting the Kaswara Modern WPBakery Page Builder that was abandoned by the developer and left vulnerable to an important security flaw tracked as CVE-2021-24284.
This ongoing campaign is attempting to take advantage of an arbitrary file upload vulnerability, tracked as CVE-2021-24284, which has been previously disclosed and has not been patched on the now-closed plugin.
Though the size of the campaign is big with 1,599,852 unique sites targeted, only a small portion of them are running the vulnerable plugin.
Researchers at the Wordfence Threat Intelligence team observed an average of almost 500,000 attempted hacks per day.
The best course of action is to fully remove the Kaswara Modern WPBakery Page Builder Addons plugin as it has been closed and the developer was not responsive.