Defending a Million WordPress Sites Against a High-Risk Vulnerability

Our Threat Management team was on the spot again, working tirelessly to enhance the security of over one million WordPress sites. Recently, they developed a new WAF (Web Application Firewall) rule designed to fend off a particularly dangerous threat. This effort is part of our ongoing commitment to safeguard the web's most favored CMS from emerging vulnerabilities.

Unpacking CVE-2024-2879

The culprit this time is a critical flaw in the LayerSlider plugin for WordPress, identified as CVE-2024-2879. The vulnerability stems from two significant issues in versions 7.9.11 and 7.10.0 of the plugin. These are insufficient escaping of user-supplied parameters and inadequate preparation of the SQL queries. This combination of shortcomings allows unauthenticated attackers to manipulate SQL queries and potentially access sensitive data, including password hashes, from databases.

Why WordPress Security Matters

Rated a severe 9.8 out of 10 on the CVSS 3.0 scale, CVE-2024-2879 exposes more than a million sites to the risk of data theft. The flaw is specifically associated with the 'ls_get_popup_markup' action within the affected plugin versions, as reported by the security team at Wordfence.
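A log-triage sketch for the action named above, added here as an example (it is not BitNinja's WAF rule and not code from the plugin): it lists access-log requests that invoke `ls_get_popup_markup` and marks those whose other parameters contain SQL syntax. The combined log format, the `admin-ajax.php` path, the parameter name `p`, the token list and the sample lines are assumptions constructed for illustration; parameters sent in POST bodies do not appear in access logs and need WAF or application logging instead.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ACTION = "ls_get_popup_markup"  # action named in the text above

# Heuristic SQL tokens; an assumption for illustration, not a complete rule set.
SQL_HINT = re.compile(
    r"(?i)\b(union\s+select|select\b.+\bfrom|sleep\s*\(|benchmark\s*\(|"
    r"information_schema|case\s+when)|--|/\*"
)
# client address, request target and status from a combined-format log line
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def triage(lines):
    """Return (client, status, suspicious) for each request to ACTION.

    suspicious is True when any parameter other than `action`
    (name or decoded value) contains SQL syntax.
    """
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parsable request line
        client, target, status = m.groups()
        # parse_qsl percent-decodes names and values before matching
        params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
        if ("action", ACTION) not in params:
            continue
        others = [k + "=" + v for k, v in params if k != "action"]
        suspicious = any(SQL_HINT.search(p) for p in others)
        hits.append((client, int(status), suspicious))
    return hits


# Constructed sample lines (documentation addresses, hypothetical parameter "p").
SAMPLE = [
    '203.0.113.7 - - [10/Apr/2024:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=ls_get_popup_markup&p=12 HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Apr/2024:10:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=ls_get_popup_markup&p=1%20AND%20SLEEP(5) HTTP/1.1" 200 0',
    '203.0.113.7 - - [10/Apr/2024:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

A flagged line is a lead for review, not proof of compromise; correlate it with the plugin version installed at the time of the request.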

WordPress, as the most popular content management system globally, is frequently targeted by cybercriminals. It's an attractive target due to its widespread use and the valuable data hosted on its platform. This makes the protection and proactive measures provided by our WAF module not just beneficial but essential.

Introducing WAF 3.0

In light of this, we're not just stopping at new rules. We are excited to announce the upcoming upgrade of our WAF module to WAF 3.0. This next-generation firewall represents a significant advancement in our defensive capabilities. Powered by a transition to Caddy and incorporating Golang-based technologies like ModSecurity and Coraza, WAF 3.0 promises to be faster, more efficient, and lighter than its predecessors.

Our Commitment: Securing the Web, One Site at a Time

Our team is continuously monitoring, analyzing, and responding to threats as they arise, to ensure that your digital assets are protected around the clock. With WAF 3.0 on the horizon, we are gearing up to offer an even stronger shield against the many cyber threats facing web applications today.

2024 BitNinja. All Rights reserved.