Defending a Million WordPress Sites Against a High-Risk Vulnerability
Our Threat Management team was on the spot again, working tirelessly to enhance the security of over one million WordPress sites. Recently, they developed a new WAF (Web Application Firewall) rule designed to fend off a particularly dangerous threat. This effort is part of our ongoing commitment to safeguard the web's most favored CMS from emerging vulnerabilities.
Unpacking CVE-2024-2879
The culprit this time is a critical flaw in the LayerSlider plugin for WordPress, identified as CVE-2024-2879. The vulnerability stems from two significant issues in versions 7.9.11 and 7.10.0 of the plugin. These are insufficient escaping of user-supplied parameters and inadequate preparation of the SQL queries. This combination of shortcomings allows unauthenticated attackers to manipulate SQL queries and potentially access sensitive data, including password hashes, from databases.
Why WordPress Security Matters
Rated a severe 9.8 out of 10 on the CVSS 3.0 scale, CVE-2024-2879 exposes more than a million sites to the risk of data theft. The flaw is specifically associated with the 'ls_get_popup_markup' action within the affected plugin versions, as reported by the security team at Wordfence.
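To check whether a site has already been probed through this action, the following added example (not part of the original article, the plugin, or the WAF rule described here) triages web-server access logs for requests that carry `action=ls_get_popup_markup` and separates plain hits from ones whose other parameters contain SQL-like tokens. Assumptions: combined log format, a hypothetical parameter name `p`, constructed sample lines, and a heuristic token list that needs tuning for real traffic.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

ACTION = "ls_get_popup_markup"  # action named in the advisory text above
# Heuristic SQL tokens (assumption: tune for your own traffic); \x27 and \x22 are quotes
SQL_HINT = re.compile(r"\b(union|select|sleep|benchmark|information_schema)\b|--|/\*|[\x27\x22]", re.I)
# Combined log format: client IP, then the quoted request line, then the status code
REQ = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<url>\S+) [^"]*" \d{3}')

# Constructed sample log lines; the parameter name "p" is hypothetical
SAMPLE = """\
203.0.113.7 - - [02/Apr/2024:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=ls_get_popup_markup&p=3 HTTP/1.1" 200 512
203.0.113.9 - - [02/Apr/2024:10:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=ls_get_popup_markup&p=1%20UNION%20SELECT%201 HTTP/1.1" 200 0
192.0.2.33 - - [02/Apr/2024:10:00:07 +0000] "GET /wp-admin/admin-ajax.php?action=ls_get_popup_markup&p=1%2527 HTTP/1.1" 200 0
198.51.100.4 - - [02/Apr/2024:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40
198.51.100.5 - - [02/Apr/2024:10:00:11 +0000] "GET /?s=select+a+plan HTTP/1.1" 200 900
"""

def classify(line):
    """Return None, or (ip, verdict) with verdict 'action-hit' or 'sqli-suspect'."""
    m = REQ.match(line)
    if not m:
        return None
    params = parse_qsl(urlsplit(m["url"]).query, keep_blank_values=True)
    if ("action", ACTION) not in params:
        return None  # other AJAX actions and ordinary pages are out of scope
    for key, value in params:
        if key == "action":
            continue
        # A second decode pass catches double-encoded input such as %2527
        if SQL_HINT.search(unquote_plus(key)) or SQL_HINT.search(unquote_plus(value)):
            return m["ip"], "sqli-suspect"
    return m["ip"], "action-hit"

def scan(lines):
    """Map each client IP to its most serious verdict across all lines."""
    hits = {}
    for line in lines:
        result = classify(line)
        if result and hits.get(result[0]) != "sqli-suspect":
            hits[result[0]] = result[1]
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE.splitlines()))
```

Access logs record only the query string, so requests that send the action in a POST body will not show up here and have to be reviewed in WAF audit logs instead.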
WordPress, as the most popular content management system globally, is frequently targeted by cybercriminals. It's an attractive target due to its widespread use and the valuable data hosted on its platform. This makes the protection and proactive measures provided by our WAF module not just beneficial but essential.
Introducing WAF 3.0
In light of this, we're not just stopping at new rules. We are excited to announce the upcoming upgrade of our WAF module to WAF 3.0. This next-generation firewall represents a significant advancement in our defensive capabilities. Powered by a transition to Caddy and incorporating Golang-based technologies like ModSecurity and Coraza, WAF 3.0 promises to be faster, more efficient, and lighter than its predecessors.
Our Commitment: Securing the Web, One Site at a Time
Our team is continuously monitoring, analyzing, and responding to threats as they arise, to ensure that your digital assets are protected around the clock. With WAF 3.0 on the horizon, we are gearing up to offer an even stronger shield against the many cyber threats facing web applications today.