Technical Articles
F5 SMEs share good practice.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner
Nir_Zigler_7297
Historic F5 Account

Last week, a critical vulnerability has been detected in WordPress 4.7/4.7.1 by Sucuri researchers: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html

The vulnerability allows unauthenticated attackers to change the contents of posts in WordPress, using a simple GET or POST request.

This allows for as much as defacement or phishing attempts on WordPress sites. No evidence of this vulnerability leading to RCE has been reported yet.

ASM is able to mitigate this vulnerability using the following user-defined signatures:

content:"/wp-json/wp/v2/posts/"; nocase; content:"id="; nocase; re2:"/id=\s*?\+?\d+[^&\s\d]+?/i";
content:"/wp-json/wp/v2/posts/"; nocase; content:"|22|id|22|"; nocase; re2:"/\x22id\x22\s*?:\s*?\x22\s*?\+?\d+[^\x22\d]+?/i";
content:"/wp-json/wp/v2/posts/"; nocase; content:"|27|id|27|"; nocase; re2:"/\x27id\x27\s*?:\s*?\x22\s*?\+?\d+[^\x22\d]+?/i";

These signatures are expected to be included in the upcoming ASM security update, releasing next week.

WordPress administrators are encouraged to upgrade to WordPress 4.7.2 as soon as possible.

Version history
Last update:
‎23-Jun-2022 09:31
Updated by: