NinjaFirewall Full WAF vs WordPress WAF mode.
Revision: July 29, 2021 Since version 3.4, NinjaFirewall (WP and WP+) can be installed in two different modes: Full WAF or WordPress WAF. Full WAF mode…
Tag: WordPress
Arbitrary file upload vulnerability in WordPress Delete-All-Comments plugin.
On November 20th, while auditing a hacked WordPress website, we identified a critical vulnerability in the Delete All Comments WordPress plugin v2.0, which has over 30,000…
Blocking a WordPress XML-RPC attack with the Linux kernel firewall.
One of our customers faced a large attack against his WordPress blog xmlrpc.php script. When I connected to his server, the CPU load was over 100.…
All In One WP Security & Firewall multiple XSS vulnerabilities (<=4.0.7).
NinTechNet identified multiple XSS vulnerabilities in the All In One WP Security & Firewall v4.0.7 plugin. The affected parameter was ‘tab’ (all pages): /wp-admin/admin.php?page=aiowpsec&tab=[XSS] /wp-admin/admin.php?page=aiowpsec_settings&tab=[XSS] /wp-admin/admin.php?page=aiowpsec_useracc&tab=[XSS]…
NinjaFirewall (WP Edition): The .htninja configuration file
NinjaFirewall (WP/WP+ Edition) can use an optional configuration file that allows users to prepend their own PHP code to the firewall.