PT-2021-3535 · WordPress · Kaswara Modern Vc Addons

Robin Goodfellow · Published 2021-05-14 · Updated 2022-09-28 · CVE-2021-24284

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Kaswara Modern VC Addons versions through 3.0.1

Description: The issue is an unrestricted upload of files of dangerous types. Exploitation allows a remote attacker to upload and execute arbitrary files. The vulnerability allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action: the supplied zip file is unzipped into the wp-content/uploads/kaswara/fonts icon directory with no checks for malicious files such as PHP scripts. It is estimated that over 8,000 sites are still using the plugin, and there has been a significant increase in attacks, with an average of 440,000 attempts per day from 10,215 attacking IP addresses. The attacks involve sending a POST request to /wp-admin/admin-ajax.php invoking the uploadFontIcon AJAX action to upload a file to the vulnerable website. In some cases, a trojan called NDSW was used, which injected code into legitimate JavaScript files and could be used to redirect users to malicious domains.

Recommendations: For versions through 3.0.1, uninstall the Kaswara Modern VC Addons plugin immediately to prevent exploitation. As a temporary workaround, restrict access to the 'uploadFontIcon' AJAX action and avoid using it on the affected endpoint until the issue is resolved.
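The check the plugin was missing, written here as an added defensive example (not code from the plugin or from this advisory): vet a submitted icon-font archive before anything is extracted, refusing executable extensions anywhere in a file name, files outside an allow-list, and entries whose path would escape the target directory. The allow-list of icon-font package extensions and the sample archive are assumptions constructed for the example.

```python
import io
import posixpath
import zipfile

# Suffixes a web server may hand to PHP. Rejected anywhere in a name (e.g. "icon.php.ttf"),
# because Apache AddHandler configurations match on any suffix, not just the last one.
EXECUTABLE_SUFFIXES = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"}
# Assumed allow-list for an icon-font package (stylesheet, fonts, metadata); adjust to
# whatever the real plugin expects. Anything else, including .htaccess, is refused.
ALLOWED_EXTENSIONS = {"css", "svg", "ttf", "woff", "woff2", "eot", "json", "txt"}


def vet_font_icon_zip(zip_bytes: bytes) -> list[str]:
    """Return the reasons the archive must be rejected; an empty list means it passed."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            norm = posixpath.normpath(name)
            # Entries that would land outside the extraction directory ("zip slip").
            if name.startswith("/") or norm == ".." or norm.startswith("../") or "\\" in name:
                problems.append(f"{name}: path escapes the extraction directory")
                continue
            if info.is_dir():
                continue
            suffixes = posixpath.basename(norm).lower().split(".")[1:]
            if any(s in EXECUTABLE_SUFFIXES for s in suffixes):
                problems.append(f"{name}: executable extension")
            elif not suffixes or suffixes[-1] not in ALLOWED_EXTENSIONS:
                problems.append(f"{name}: extension not in the allow-list")
    return problems


def build_sample_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory zip from constructed entries (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample: a plausible icon-font package plus two entries the upload must refuse.
SAMPLE_ZIP = build_sample_zip({
    "icons/style.css": b".icon-x:before { content: '\\e800'; }",
    "icons/font/icons.woff": b"wOFF-placeholder",
    "icons/shell.php": b"constructed marker, not a real script",
    "../escape.ttf": b"",
})
```

Running `vet_font_icon_zip(SAMPLE_ZIP)` reports the .php entry and the traversal entry; an upload handler should abort on a non-empty result rather than extracting anything.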

Weakness Enumeration
Unrestricted File Upload

Related Identifiers
BDU:2021-03586
CVE-2021-24284

Affected Products
Kaswara Modern Vc Addons