Critical Security Alert: WordPress Tatsu Plugin Vulnerability
Understanding the Tatsu Plugin
If you host, manage, or own a WordPress site and utilize the Tatsu plugin, this information is crucial for you. Tatsu enhances browser editing capabilities far beyond the default editor and is currently in use on over 100,000 websites worldwide.
Vulnerability Overview
This issue is officially tracked as CVE-2021-25094 and presents a serious security risk: it allows attackers to execute code remotely on your site. Fortunately, the developers of Tatsu released a patch in April 2022 to close this vulnerability. However, it is concerning that only about half of the users have applied this update, which means at least 50,000 websites are still running outdated, vulnerable versions of the plugin.
If your site is still running version 3.3.12 or earlier, it is imperative to update immediately.
Initial Findings
A special acknowledgment goes to independent security researcher Vincent Michel, who uncovered this vulnerability and publicly disclosed it on March 28, 2022, including proof of concept code to demonstrate the exploit.
A Critical Update
Wordfence, a prominent team of WordPress security specialists, has been closely monitoring the situation and has reported alarming findings. They have identified a widespread attack campaign, tracking over one million attempts to exploit this vulnerability. The majority of these attacks have originated from three specific IP addresses:
- 148.251.183.254
- 176.9.117.218
- 217.160.145.62
If you are a site administrator, or can reach one, it is highly recommended to block these IP addresses and add them to your IP blocklist.
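As an added example (not code from the original post, from Tatsu, or from Wordfence), the two checks above can be scripted: a version test that flags any Tatsu release at or below 3.3.12, and a scan of web-server access logs for requests from the three source addresses named in the Wordfence report. The log lines in the block are constructed samples in the common/combined log format, not real traffic.

```python
"""Triage helpers for the Tatsu advisory: version check and log scan
(added example, not the plugin's or Wordfence's own tooling)."""
import re
from collections import Counter

# Fixed in the April 2022 release; every version <= this one is affected.
LAST_VULNERABLE_VERSION = "3.3.12"

# Source addresses reported for the bulk of the exploit attempts.
CAMPAIGN_IPS = frozenset({"148.251.183.254", "176.9.117.218", "217.160.145.62"})

# Leading client address of a common/combined log format line.
_CLIENT_IP = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) ")


def _parse_version(version: str) -> tuple:
    """Turn '3.3.12' into (3, 3, 12) so versions compare numerically, not as strings
    (a plain string compare would wrongly rank '3.3.9' above '3.3.12')."""
    return tuple(int(part) for part in version.strip().split("."))


def is_vulnerable_version(installed: str) -> bool:
    """True when the installed Tatsu version is 3.3.12 or earlier."""
    return _parse_version(installed) <= _parse_version(LAST_VULNERABLE_VERSION)


def hits_from_campaign_ips(log_lines) -> dict:
    """Count access-log requests whose client IP is one of the campaign sources.
    Returns {ip: count} for the listed addresses that appear at least once."""
    hits = Counter()
    for line in log_lines:
        match = _CLIENT_IP.match(line)
        if match and match.group("ip") in CAMPAIGN_IPS:
            hits[match.group("ip")] += 1
    return dict(hits)


if __name__ == "__main__":
    # Constructed sample lines (not real traffic); 203.0.113.7 is a documentation address.
    sample = [
        '148.251.183.254 - - [10/May/2022:12:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
        '203.0.113.7 - - [10/May/2022:12:00:02 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
        '176.9.117.218 - - [10/May/2022:12:00:03 +0000] "POST /wp-login.php HTTP/1.1" 403 0 "-" "curl/7.68.0"',
        '148.251.183.254 - - [10/May/2022:12:00:04 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    ]
    print("3.3.12 vulnerable:", is_vulnerable_version("3.3.12"))  # True
    print("3.3.13 vulnerable:", is_vulnerable_version("3.3.13"))  # False
    print("campaign hits:", hits_from_campaign_ips(sample))
```

Feed the real access log with something like `hits_from_campaign_ips(open("/var/log/apache2/access.log"))`; a non-empty result means the campaign has already reached the site and the update should be treated as urgent rather than routine.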
This information requires significant effort and research to compile. If you appreciate my content, please consider following me and giving a clap. Thank you!