  • Plugin Author braekling

    (@braekling)

    As I understand the post, it is referencing old versions:

    A long-lasting malware campaign targeting deprecated, vulnerable versions of plugins continues to be leveraged by attackers to inject malicious scripts into affected websites.

    Sadly, they don’t mention a version number and never told me about this issue. I’ll have a closer look at it by tomorrow. If the current version is still vulnerable, I’ll provide a fix, of course.

    @braekling Maybe this helps:
    https://labs.sucuri.net/plugins-under-attack-june-2019/

    And for the others:
    I hard-blocked all requests with String.fromCharCode in the URL in Nginx with response code 444. No serious URL should contain this.

    # Any request whose (percent-decoded) URI path matches the regex is dropped with
    # nginx's special status 444 (connection closed, no response sent).
    # Note: "location" matches the URI path only, not the query string.
    location ~ String.fromCharCode {
    	return 444;
    	# "iponly" is a custom log_format; it must be defined in the http block.
    	access_log	/var/log/nginx/bad.log	iponly;
    }
    

    Cheers
    Christoph
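    As an added example (not part of this thread or of WP-Matomo), here is a small log-triage script that finds the same String.fromCharCode marker in nginx access log lines, percent-decodes the URI first (nginx matches the decoded path), covers the query string as well as the path, and decodes the numeric arguments so an analyst can see what text the call would build. The log lines are constructed samples; the decoded payloads are harmless words.

    ```python
    import re
    from urllib.parse import unquote

    # Constructed sample access log lines (nginx "combined" format), not real traffic.
    SAMPLE_LOG = """\
    203.0.113.10 - - [12/Jun/2019:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=x&s=String.fromCharCode(104,101,108,108,111) HTTP/1.1" 200 512 "-" "Mozilla/5.0"
    203.0.113.11 - - [12/Jun/2019:10:01:05 +0000] "GET /%53tring.fromCharCode(119,112) HTTP/1.1" 444 0 "-" "curl/7.64"
    198.51.100.7 - - [12/Jun/2019:10:02:00 +0000] "GET /index.php?p=42 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
    """

    # Fields we need from a combined-format line: client IP, request URI, status code.
    LOG_RE = re.compile(
        r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
    )
    # The marker with its numeric argument list, e.g. String.fromCharCode(104,101).
    MARKER_RE = re.compile(r"String\.fromCharCode\s*\(([\d\s,]*)\)", re.IGNORECASE)


    def decode_charcodes(arg_list):
        """Turn the comma-separated code points into the text they would produce."""
        codes = [int(c) for c in arg_list.split(",") if c.strip()]
        return "".join(chr(c) for c in codes)


    def find_suspicious(log_text):
        """Return one record per String.fromCharCode call found in any request URI."""
        hits = []
        for line in log_text.splitlines():
            m = LOG_RE.match(line)
            if not m:
                continue  # not a combined-format line; skip it
            # Percent-decode so that obfuscated spellings like %53tring are seen too;
            # the full URI (path and query string) is inspected, not only the path.
            uri = unquote(m.group("uri"))
            for call in MARKER_RE.finditer(uri):
                hits.append({
                    "ip": m.group("ip"),
                    "status": m.group("status"),
                    "uri": uri,
                    "decoded": decode_charcodes(call.group(1)),
                })
        return hits


    if __name__ == "__main__":
        for hit in find_suspicious(SAMPLE_LOG):
            print(f'{hit["ip"]} status={hit["status"]} decoded={hit["decoded"]!r} uri={hit["uri"]}')
    ```

    A status of 444 in the output shows a request the location block above already dropped; a 200 with the marker in the query string shows one a path-only location match does not catch.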

    Plugin Author braekling

    (@braekling)

    Huh, obviously my reply containing a Postman sample was not accepted (or is still awaiting moderation).

    I’m not able to reproduce this issue with the latest version of WP-Matomo, so I want to share the Postman collection JSON I’m using for testing: https://justpaste.it/3n44u

    Maybe I’m missing something? Can somebody have a look at this?

    Thanks!

  • The topic ‘Open vulnerability’ is closed to new replies.