A widespread attack is underway to exploit known RCE flaw in Tatsu Builder WordPress plug-in, according to a new report.
A no-code page builder WordPress plug-in, Tatsu Builder, has a known remote code execution (RCE) flaw that's under active attack, researchers report, exposing as many as 50,000 sites to takeover.
The Wordfence threat intelligence team is raising the alarm over what it calls a "widespread" attack attempting to exploit CVE-2021-25094, publicly disclosed on March 24. The vulnerability impacts both the premium and free versions of Tatsu Builder.
Because it's not listed on Wordpress.org, the team says it doesn't know exactly how many installations the plug-in has, but they estimate it's anywhere from 20,000 to 50,000 sites.
The Wordfence report says the Wordpress plug-in attacks first popped up on May 10, and by May 14 threat actors had already launched 5.9 million attacks against 1.4 million sites running Tatsu Builder.
“When it comes to cybersecurity, most organizations give little thought to their websites," Chris Olson, CEO of the Media Trust, said in a statement in reaction to the attacks. "The Tatsu vulnerability shows us why this is a mistake: websites — which play a key role in marketing and revenue generation — are increasingly targeted by hackers, making them a source of risk to customers and casual visitors."
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024