From 7638765b53f229873991fc05f5e7390d0691538e Mon Sep 17 00:00:00 2001 From: SirBroccoli Date: Sat, 4 Oct 2025 11:01:06 +0200 Subject: [PATCH] Update wordpress.md --- .../pentesting-web/wordpress.md | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/src/network-services-pentesting/pentesting-web/wordpress.md b/src/network-services-pentesting/pentesting-web/wordpress.md index c25e585e4..cf9b546a2 100644 --- a/src/network-services-pentesting/pentesting-web/wordpress.md +++ b/src/network-services-pentesting/pentesting-web/wordpress.md @@ -913,18 +913,6 @@ Hardening - Enforce allowlisted templates; resolve with realpath() and require str_starts_with(realpath(file), realpath(allowed_base)) - Normalize input; reject traversal sequences and absolute paths; use sanitize_file_name() only for filenames (not full paths) ---- - -### Operational detection and virtual patching tips (application layer) - -Until vendors ship fixes, block high-risk routes/parameters at the application layer (e.g., WAF/virtual patching engines that understand WordPress semantics): - -- Block unauthenticated POSTs to /wp-json/sure-triggers/v1/connection/create-wp-connection -- Enforce capability-aware blocks on /plugin/install_and_activate for non-admin callers -- For depicter-* actions, drop requests where s contains SQLi metas ("'", '"', '/*', '*/', '--', ';', 'or ', 'union ', 'select '), tuned per-site -- For __kubio-site-edit-iframe-classic-template, block traversal patterns (../, ..\) and absolute paths - -Logging: monitor for hits to the above and alert on nonces used pre-auth or surges in depicter-* queries. ## References
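Review bot: the commit message "Update wordpress.md" gives no reason for dropping the entire "Operational detection and virtual patching tips (application layer)" section, and the deleted lines are the only defender-side guidance in this hunk: the application-layer blocks (unauthenticated POSTs to /wp-json/sure-triggers/v1/connection/create-wp-connection, capability-aware blocks on /plugin/install_and_activate, SQLi-meta filtering on depicter-* actions, traversal and absolute-path filtering on __kubio-site-edit-iframe-classic-template) and the logging line about alerting on nonces used pre-auth and surges in depicter-* queries. If this material was moved, superseded by vendor fixes, or judged out of scope, say so in the message or leave a one-line pointer in place of the section; otherwise keep at least the "Logging:" line next to the Hardening bullets, since the remaining context ("Enforce allowlisted templates ... require str_starts_with(realpath(file), realpath(allowed_base))", "Normalize input; reject traversal sequences and absolute paths") covers code fixes but nothing about detection. Minor: the removed block was separated from its neighbours by blank lines on both sides (the "-" blank deletions around "----" and before "-Logging:"), so by the hunk counts (-913,18 +913,6) the deletion appears to leave two consecutive blank lines between the last hardening bullet and "## References"; drop one of them.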