This entry was posted in Research, Vulnerabilities, WordPress Security on April 21, 2021 by Chloe Chamberland
Today, April 21, 2021, the Wordfence Threat Intelligence team became aware of a critical 0-day vulnerability that is being actively exploited in Kaswara Modern WPBakery Page Builder Addons, a premium plugin that we estimate has over 10,000 installations. This vulnerability was reported this morning to WPScan by 'Robin Goodfellow.' The exploited flaw makes it possible for unauthenticated attackers to upload malicious PHP files to a WordPress site and ultimately achieve remote code execution to take over the site.
In addition to the actively exploited flaw, we discovered several vulnerable endpoints that could allow attackers to do a wide range of things like deleting arbitrary files and injecting malicious JavaScript. Due to the fact that this plugin has been closed and the plugin developer has been unresponsive, we urge you to remove this plugin completely from your WordPress site immediately. We have identified several vulnerabilities in this plugin which could allow unauthenticated attackers the ability to take over vulnerable WordPress sites, and numerous other vulnerabilities with lesser impacts.
Wordfence Premium customers received firewall rules this morning, on April 21, 2021, to protect against active exploitation of these vulnerabilities. Wordfence users still using the free version will receive the same protection on May 21, 2021.
Affected Plugin: Kaswara Modern WPBakery Page Builder Addons
Plugin Slug: kaswara
Affected Versions: <= 3.0.1
CVE ID: CVE-2021-24284
CVSS Score: 10.0 (Critical)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Fully Patched Version: NO AVAILABLE PATCH.
At this time, we are releasing minimal details due to this being an actively exploited vulnerability with no available patch. We may decide to release more details in the future, but in the meantime we recommend you take appropriate measures to secure your site.
Indicators of Compromise
At this time, we have limited indicators of compromise. However, based on the functionality of the vulnerability we recommend checking the /wp-content/uploads/kaswara/ directory and all subdirectories for any PHP files. If you find a PHP file in this directory, you can assume that your site has been compromised and you should trigger the site cleaning process that is outlined here.
The following files have been found on infected sites (special thanks to Salvador Aguilar and WPScan for reporting these findings):
/wp-content/uploads/kaswara/icons/kntl/img.php
/wp-content/uploads/kaswara/fonts_icon/15/icons.php
/wp-content/uploads/kaswara/icons/brt/t.php
/wp-content/uploads/kaswara/fonts_icon/jg4/coder.php
We will update this section as we learn more.
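The directory check described above, as an added example that is not part of the original post: a Python sweep of wp-content/uploads/kaswara/ that flags the four reported paths, any file with a PHP extension, and (going beyond the post) other files whose first bytes contain a PHP open tag. The function name `scan_kaswara`, the extension list and the 4096-byte sniff window are assumptions.

```python
"""Added example: sweep uploads/kaswara for PHP files (CVE-2021-24284 triage)."""
import os
import sys

# Paths reported in the advisory, relative to the WordPress root.
KNOWN_IOCS = {
    "wp-content/uploads/kaswara/icons/kntl/img.php",
    "wp-content/uploads/kaswara/fonts_icon/15/icons.php",
    "wp-content/uploads/kaswara/icons/brt/t.php",
    "wp-content/uploads/kaswara/fonts_icon/jg4/coder.php",
}
# Assumption: extensions often mapped to the PHP handler; match your server config.
PHP_EXTS = (".php", ".php5", ".php7", ".phtml", ".phar")
PHP_TAG = b"<?php"


def scan_kaswara(wp_root):
    """Return sorted (relative_path, reason) tuples for suspect files."""
    base = os.path.join(wp_root, "wp-content", "uploads", "kaswara")
    findings = []
    for dirpath, _dirs, files in os.walk(base):  # a missing directory yields nothing
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, wp_root).replace(os.sep, "/")
            if rel in KNOWN_IOCS:
                reason = "known-ioc"
            elif name.lower().endswith(PHP_EXTS):
                reason = "php-extension"
            else:
                # Catch PHP hidden behind an innocuous extension (e.g. .svg, .txt).
                try:
                    with open(full, "rb") as fh:
                        head = fh.read(4096)
                except OSError:
                    continue  # unreadable file: skip rather than abort the sweep
                if PHP_TAG not in head.lower():
                    continue
                reason = "php-tag-in-content"
            findings.append((rel, reason))
    return sorted(findings)


if __name__ == "__main__":
    hits = scan_kaswara(sys.argv[1] if len(sys.argv) > 1 else ".")
    for rel, reason in hits:
        print(f"{reason}\t{rel}")
    sys.exit(1 if hits else 0)  # non-zero exit lets cron or CI alert on a hit
```

Run it with the WordPress root as the only argument; any output line means the site should be treated as compromised, as the post advises.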
Response timeline
April 21, 2021 2:22 PM UTC – New vulnerability entry in WPScan reporting 0-day vulnerability in the Modern WPBakery Page Builder Addons plugin. Wordfence Threat Intelligence is alerted to the new vulnerability report and begins to triage the vulnerability immediately.
April 21, 2021 2:57 PM UTC – We verify the existence of the vulnerability and create a proof of concept.
April 21, 2021 3:00 PM UTC – We create and begin testing a firewall rule to protect against the vulnerability.
April 21, 2021 3:08 PM UTC – We discover additional vulnerable endpoints and tailor the WAF rule to provide protection against these additional vulnerabilities. Testing continues on WAF rule.
April 21, 2021 3:48 PM UTC – The first firewall rule is deployed to premium users.
April 21, 2021 4:14 PM UTC – We create and begin testing a second firewall rule to protect against additional vulnerabilities found in the plugin.
April 21, 2021 4:26 PM UTC – The second firewall rule is deployed to premium users.
May 21, 2021 – Wordfence Free users receive the firewall rules.
Conclusion
In today's post, we detailed a zero-day vulnerability that is being actively exploited in Kaswara Modern WPBakery Page Builder Addons, a plugin containing numerous vulnerabilities unauthenticated attackers can use to upload malicious files, among many other flaws. This can be used to completely take over a WordPress site. These vulnerabilities currently remain unpatched as of this morning and, therefore, we strongly recommend deactivating and removing the plugin until a patch has been released. Due to the developer's unresponsiveness, a patch may not be released, in which case we recommend finding a reasonable replacement that is being actively maintained by its developer.
Wordfence Premium customers received firewall rules on April 21, 2021 to protect against the active exploitation of this vulnerability and the additional vulnerabilities we discovered. Wordfence users still using the free version will receive the same protection on May 21, 2021.
Please forward and share this post widely so that those WordPress site owners using this vulnerable plugin can take fast action to protect their sites as this zero-day vulnerability is currently being exploited in the wild.
Special thanks to Ramuel Gall, Wordfence Threat Analyst and QA Engineer, for his research pertaining to the vulnerability and his assistance in getting a firewall rule out quickly to our customers.