Researchers have detected a massive campaign of scanning WordPress sites for a vulnerability that allowed uploading files without authentication. 

Hackers are targeting the Kaswara Modern WPBakery Page Builder that was abandoned by the developer and left vulnerable to an important security flaw tracked as CVE-2021-24284.

This ongoing campaign is attempting to take advantage of an arbitrary file upload vulnerability, tracked as CVE-2021-24284, which has been previously disclosed and has not been patched on the now-closed plugin. 

All versions of the plugin are vulnerable to this exploit. This exploit can be used to upload a malicious PHP file to an affected website, leading to code execution and complete site takeover. Once attackers have established a foothold on the site, they can inject malicious JavaScript into files.

Though the size of the campaign is big with 1,599,852 unique sites targeted, only a small portion of them are running the vulnerable plugin.

Researchers at the Wordfence Threat Intelligence team observed an average of almost 500,000 attempted hacks per day.

The best course of action is to fully remove the Kaswara Modern WPBakery Page Builder Addons plugin as it has been closed and the developer was not responsive.