image credit: unsplash
WordPress admins are being warned to remove a buggy plugin or risk a total site takeover.
This particular threat relates to a plugin which is no longer in use: Modern WPBakery page builder addons. The vulnerability in the plugin, known as CVE-2021-24284, allows “unauthenticated arbitrary file upload via the ‘uploadFontIcon’ AJAX action”. This means that attackers could upload rogue PHP files to the WordPress site, leading to remote code execution and a complete site takeover.
Comments are closed.
