Unknown admin-ajax and admin-post action
My latest finding in the field of WP security is
Unknown admin-ajax and admin-post action
See Revolution Slider vulnerability. You could check for this. I do not yet know how.
The protection is as follows:

```php
// Unknown admin-ajax and admin-post action
// Both pieces belong inside the plugin class: the add_action() call where
// hooks are registered (it uses $this), the function as a method of that class.
add_action( 'all', array( $this, 'gs_all_action' ), 0 );

function gs_all_action( $tag ) {
    global $wp_filter;

    if ( ( 'admin_post_' === substr( $tag, 0, 11 ) || 'wp_ajax_' === substr( $tag, 0, 8 ) )
        && ! isset( $wp_filter[ $tag ] )
    ) {
        // trigger mod_security, fail2ban, nginx naxsi etc.
        // Helps learning attack internals
        error_log( 'HTTP REQUEST: ' . addslashes( serialize( $_REQUEST ) ) );

        ob_get_level() && ob_end_clean();
        header( 'Status: 403 Forbidden' );
        header( 'HTTP/1.0 403 Forbidden' );
        exit();
    }
}
```
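An added example, not part of the original post: a log triage script that reads the `HTTP REQUEST: ...` records written by the `error_log()` call above and counts which unregistered actions were requested. The sample log lines, their timestamp prefix and the action names are constructed for illustration.

```python
import re
from collections import Counter

MARKER = b"HTTP REQUEST: "  # prefix written by the error_log() call in the post

def stripslashes(buf):
    # Undo PHP addslashes(): \' \" \\ become the bare character, \0 becomes NUL.
    return re.sub(rb"\\(.)", lambda m: b"\0" if m.group(1) == b"0" else m.group(1), buf, flags=re.S)

def parse(buf, pos=0):
    """Parse one serialize() value; $_REQUEST only holds strings, int keys and arrays."""
    kind = buf[pos:pos + 1]
    if kind == b"i":
        end = buf.index(b";", pos)
        return int(buf[pos + 2:end]), end + 1
    if kind in (b"s", b"a"):
        colon = buf.index(b":", pos + 2)
        n, start = int(buf[pos + 2:colon]), colon + 2   # skip :" or :{
        if kind == b"s":
            # Length-prefixed: the value may itself contain "; so never split on it.
            if buf[start + n:start + n + 2] != b'";':
                raise ValueError("truncated string")
            return buf[start:start + n].decode("utf-8", "replace"), start + n + 2
        out, pos = {}, start
        for _ in range(n):
            key, pos = parse(buf, pos)
            out[key], pos = parse(buf, pos)
        return out, pos + 1                              # skip }
    raise ValueError("unsupported or truncated record")

def blocked_actions(lines):
    """Return (Counter of requested 'action' values, number of unparseable records)."""
    counts, unparsed = Counter(), 0
    for line in lines:
        _, found, payload = line.partition(MARKER)
        if not found:
            continue                                     # unrelated log line
        try:
            request, _ = parse(stripslashes(payload.strip()))
            counts[str(request.get("action", "<none>"))] += 1
        except (ValueError, IndexError, AttributeError):
            unparsed += 1                                # truncated or malformed record
    return counts, unparsed

SAMPLE = [  # constructed log lines, not taken from a real site
    rb'[01-Jan-2015 10:00:00 UTC] HTTP REQUEST: a:2:{s:6:\"action\";s:14:\"example_action\";s:1:\"f\";s:4:\"a\";b\";}',
    rb'[01-Jan-2015 10:00:02 UTC] HTTP REQUEST: a:1:{s:6:\"action\";s:14:\"example_action\";}',
    rb'[01-Jan-2015 10:00:05 UTC] HTTP REQUEST: a:1:{s:6:\"action\";s:11:\"other_probe\";}',
    rb'[01-Jan-2015 10:00:07 UTC] HTTP REQUEST: a:2:{s:6:\"action\";s:11:\"other_pr',
    rb'[01-Jan-2015 10:00:09 UTC] PHP Notice:  unrelated message',
]
```

Action names that recur in the counts are candidates for a fail2ban or mod_security rule; unparseable records are worth reviewing by hand rather than discarding.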