WooCommerce Premium
Forum Replies Created
In Plesk the admin can set the following inside the panel.ini to turn off the vulnerability scan:
[ext-wp-toolkit]
vulnerabilityFeature = false
Maybe this can help you: https://shieldfy.io/security-wiki/server-side-request-forgery/server-side-request-forgery/
Hmmm…WPScan is not finding any vulnerabilities.
Version 5.2.0.2 is vulnerable: https://patchstack.com/database/vulnerability/instant-images/wordpress-instant-images-5-1-0-1-auth-server-side-request-forgery-ssrf-vulnerability
Fix it, please.
Waiting for a response from Patchstack, please.
There is now a public version 5.2.0.2 available. But in Plesk and Patchstack the plugin is still vulnerable.
Same problem here with version 5.2.0.1. Should be fixed in the latest version. But the latest public version is still 5.2.0.1.
It seems to be resolved.
I have version 4.7.2. There is no newer version.
Login is required there. But sorry, I don’t have an account on that site. I don’t have premium.
It happens on the following URL: https://www.coegmbh.de/wp-login.php
Hello Bill,
Thank you so much!
I wrote a little PHP script. As is well known, the plugin sends emails. I receive these emails in a specific mailbox. Every minute the script fetches the e-mails from the e-mail inbox and reads the IP addresses and forwards them to Fail2Ban. The script has been running smoothly for 24 hours.
Best wishes
Ben
Hello Bill,
Many thanks for the reply.
It works on every Linux platform because the fail2ban command is always the same. Only the jail has to be adjusted:
– apache-badbot is standard
– plesk-apache-badbot is Apache inside the Plesk platform
I’m only asking because the WordPress filter won’t affect your code as long as you put it at the end of the function. And I save the adjustments regarding fail2ban with your updates.
greetings,
Ben