Vulnerable Kaswara Modern WPBakery Page Builder Addons Plugin Being Exploited in the Wild

Back on April 20th, 2021, our friends at WPScan reported a severe vulnerability in Kaswara Modern VC Addons, also known as Kaswara Modern WPBakery Page Builder Addons. The plugin is no longer available on Codecanyon/Envato, meaning that if you have this running, you must choose an alternative.

This vulnerability allows unauthenticated users to upload arbitrary files to the plugin’s icon directory (./wp-content/uploads/kaswara/icons). This is the first Indicator of Compromise (IOC) our friends at WPScan shared with us in their report.

The ability to upload arbitrary files to a website gives the bad actor full control over the site, which makes it hard to define the final payload of this infection; thus, we’ll show you everything we found so far (we got a little carried away on the research, so feel free to jump to the IOC section if you don’t want to read through).

What to Do if Infected With SEO Spam on WordPress

At Jetpack, dealing with different types of web threats and attacks is part of our routine. Most of the time, it ranges from collecting a malicious file and finding the attack vector, to providing assistance on restoring a website from the latest backup. But sometimes we enter a different dimension of really creative attacks, a dimension of inexplicable reinfections — we enter … the twilight zone.

Okay, I’m probably being over-dramatic, but bear with me as I set the scene for this mystery tale. Ready? Please join me on this trip to the realm of ghosts, spam, and search engines.

Vulnerabilities Found in Patreon WordPress plugin

During an internal audit of the Patreon plugin for WordPress, the Jetpack Scan team found several weak points that would allow someone to take over a website.

These vulnerabilities were disclosed to the plugin authors, who promptly released version 1.7.2, which fixes all of these issues. If you’re running an older version of the plugin, please update today!

Read on for all of the technical details. If this goes over your head, don’t worry. We offer Jetpack Scan to handle malware scanning and automated upgrades or removal for you.
