Our dedicated Threat Management Team works continuously to stay current with the latest vulnerabilities and to create Web Application Firewall (WAF) rules that keep your online assets secure. In the past, we've discussed numerous vulnerabilities and introduced new WAF rules to keep you safe. Today, we're announcing the addition of four new WAF rules that protect not only against WordPress vulnerabilities but also against a flaw in another popular platform, PrestaShop.
PrestaShop Vulnerability
CVE-2023-39526
SQLi to File Upload Vulnerability in SQL Manager for PrestaShop
- PrestaShop is a widely used open-source e-commerce web application.
- Vulnerable versions: Prior to 1.7.8.10, 8.0.5, and 8.1.1.
- Vulnerability details: An SQL injection in the SQL Manager module of the back office can be chained into an arbitrary file write, which in turn allows remote code execution.
- Patched versions: Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch.
WordPress Plugin Vulnerabilities
CVE-2023-4404
Unauthenticated Privilege Escalation in Donation Forms by Charitable
- Plugin for WordPress: Donation Forms by Charitable.
- Vulnerable versions: Up to and including 1.7.0.12.
- Vulnerability details: The vulnerability allows unauthenticated attackers to specify their user role by supplying the 'role' parameter during registration.
- Protect your website: Update the Charitable plugin to the latest version to mitigate this risk.
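As an added illustration (not the Charitable plugin's own code), here is the mass-assignment pattern behind the CVE-2023-4404 entry, written in Python rather than PHP, alongside the kind of request check a WAF rule applies as a virtual patch; the action name, form field names and default role are assumptions.

```python
"""Added example: a client-supplied 'role' field reaching account creation,
the hardened handler, and a WAF-style check. Names are hypothetical."""
from dataclasses import dataclass, field
from urllib.parse import parse_qs

REGISTRATION_ACTION = "charitable_register"   # assumed endpoint action name
DEFAULT_ROLE = "subscriber"                   # role the site owner configured
ALLOWED_FIELDS = {"user_login", "user_email", "user_pass"}


@dataclass
class User:
    user_login: str
    user_email: str
    role: str
    extra: dict = field(default_factory=dict)


def register_vulnerable(form: dict) -> User:
    """Vulnerable pattern: every submitted field, 'role' included, is copied
    into the new account, so the visitor chooses their own role."""
    args = dict(form)
    return User(args.pop("user_login"), args.pop("user_email"),
                role=args.pop("role", DEFAULT_ROLE), extra=args)


def register_hardened(form: dict) -> User:
    """Fixed pattern: only allow-listed fields are read from the request and
    the role always comes from server-side configuration."""
    args = {k: v for k, v in form.items() if k in ALLOWED_FIELDS}
    args.pop("user_pass", None)  # would be hashed by the real handler
    return User(args["user_login"], args["user_email"], role=DEFAULT_ROLE)


def waf_should_block(method: str, body: str) -> bool:
    """Virtual patch: reject a registration POST whose body carries a 'role'
    field before it reaches the application at all."""
    if method.upper() != "POST":
        return False
    params = parse_qs(body, keep_blank_values=True)
    is_registration = REGISTRATION_ACTION in params.get("action", [])
    return is_registration and "role" in params


if __name__ == "__main__":
    # Constructed request body for demonstration only.
    body = ("action=charitable_register&user_login=eve&user_email=e@x.test"
            "&user_pass=pw&role=administrator")
    form = {k: v[0] for k, v in parse_qs(body).items()}
    print(register_vulnerable(form).role, register_hardened(form).role,
          waf_should_block("POST", body))
```

Running it prints `administrator subscriber True`: the same form gives the vulnerable handler an administrator account, the hardened handler a subscriber, and the WAF check rejects the request outright.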
CVE-2023-4598
Blind Authenticated SQLi Vulnerability in Slimstat Analytics (WP)
- Plugin for WordPress: Slimstat Analytics.
- Vulnerable versions: Up to and including 5.0.9.
- Vulnerability details: Authenticated attackers with contributor-level permissions or higher can append additional SQL to existing queries, potentially exposing sensitive data from the database.
- Stay secure: Upgrade your Slimstat Analytics plugin to the most recent version to block this attack vector.
CVE-2023-4634
RCE in WordPress Media Library Assistant Plugin < 3.10
- Plugin for WordPress: Media Library Assistant.
- Vulnerable versions: Up to and including 3.09.
- Vulnerability details: This vulnerability allows unauthenticated attackers to perform local file inclusion and remote code execution due to insufficient controls on file paths.
- Action required: Upgrade the Media Library Assistant plugin to version 3.10 or newer to prevent potential exploitation.
Conclusion
We're committed to staying one step ahead of the threats and vulnerabilities that can put your online assets at risk. With the introduction of these four new WAF rules, we're providing an additional layer of security that goes beyond WordPress vulnerabilities. We encourage all our users to stay proactive by keeping their plugins and software up to date, as well as regularly monitoring their web applications for any signs of compromise.
Your online security is our top priority, and we will continue to evolve our protection mechanisms to keep you safe in this ever-changing landscape.