Questions about WP vulnerability CVE-2018-12895

Question

Hi All - Do we know if F5 ASM has ability to detect and block exploits related to WP vulnerability. &nbsp;
The CVE is CVE-2018-12895 - &nbsp;

*https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
   The folks who discovered it. Claims WP has known about this for 7 months and still hasn’t alerted the public.
Contains all technical details
2https://nvd.nist.gov/vuln/detail/CVE-2018-12895

Please let us know what we can do to protect our sites. &nbsp;
Thanks so much ! &nbsp;

samstep · Answer

ASM standard directory traversal attack signatures will provide built-in protection from CVE-2018-12895. WordPress v4.9.8 is now out with a fix for this vulnerability.&nbsp;

Forum Discussion

Questions about WP vulnerability CVE-2018-12895

1 Reply

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

OWASP Automated Threats - OAT-014 Vulnerability Scanning

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Vulnerability CVE-2023-45648 in ApacheTomcat

Reviewing vulnerability scanner results for an APM protected Virtual Server - part two

Python script to test if a F5 BIG-IP is vulnerable to cve-2023-46747