The new Cloudflare WAF for everyone has recently affected our website. The “Free Cloudflare Managed Ruleset”, as of today, contains the following rules:
It looks like the teachPress URL to delete publication entries triggers the “Sorry, you have been blocked” screen from Cloudflare.
The solution I found is to remove the “orderby=” part of the URL (for example: “orderby=date+DESC%2C+title+ASC”). Everything works as expected and the block is not triggered.
Hope it helps and it can be implemented soon!
Best regards,
Rapsssito
WordPress Headless CMS Plugin <= 2.0.3 is vulnerable to Broken Authentication
https://patchstack.com/database/vulnerability/headless-cms/wordpress-headless-cms-plugin-2-0-3-broken-authentication-vulnerability
[22-May-2023 21:51:08 UTC] PHP Warning: file_put_contents(/www/devph_206/public/wp-content/cache/flying-press/www.acornfinance.com//devmode.actionindex-debug=command-expression=(#_memberAccess[“allowStaticMethodAccess”]=true,#foo=new java.lang.Boolean(“false”) ,#context[“xwork.MethodAccessor.denyMethodExecution”]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(‘cat /etc/passwd’).getInputStream())).html): Failed to open stream: File name too long in /www/devph_206/public/wp-content/plugins/flying-press/src/Caching.php on line 106
[22-May-2023 21:52:58 UTC] PHP Warning: file_put_contents(/www/devph_206/public/wp-content/cache/flying-press/www.acornfinance.com//index.actionindex-cmd=cat /etc/passwd-encoding=UTF-8-method:#_memberAccess=@ognl_OgnlContext@DEFAULT_MEMBER_ACCESS,#res=@org_apache_struts2_ServletActionContext@getResponse(),#res_setCharacterEncoding(#parameters_encoding=Array-ppp= .html): Failed to open stream: No such file or directory in /www/devph_206/public/wp-content/plugins/flying-press/src/Caching.php on line 106
[22-May-2023 21:53:03 UTC] PHP Warning: file_put_contents(/www/devph_206/public/wp-content/cache/flying-press/www.acornfinance.com//api/pingindex-count=5-host=cat /etc/passwd-port=80-source=1.1.1.1-type=icmp.html): Failed to open stream: No such file or directory in /www/devph_206/public/wp-content/plugins/flying-press/src/Caching.php on line 106
CVE-2021-24752, CVE-2022-0440, CVE-2021-39352
https://patchstack.com/database/vulnerability/imagemagick-engine/wordpress-imagemagick-engine-plugin-1-7-4-auth-remote-code-execution-rce-vulnerability