Wordfence Security – Firewall & Malware Scan - Version 5.2.4

Version Description

  • Security release. Upgrade immediately.
  • This release fixes an XSS vulnerability on Wordfence "view all traffic from IP" page.
  • Also fixes a hard to exploit XSS which exists if you have your site as the default site on your web server, falcon enabled and debugging comments enabled.
  • Improves Revolution Slider protection.
  • Fixed bypass for fake googlebot blocking.

Release Info

Developer mmaunder
Version 5.2.4

Code changes from version 5.2.3 to 5.2.4

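--- a/lib/IPTraf.php
+++ b/lib/IPTraf.php
@@ -9,7 +9,11 @@
 <?php foreach($results as $key => $v){ ?>
 <tr><th>Time:</th><td><?php echo $v['timeAgo'] ?> ago -- <?php echo date(DATE_RFC822, $v['ctime']); ?> -- <?php echo $v['ctime']; ?> in Unixtime</td></tr>
 <?php if($v['timeSinceLastHit']){ echo '<th>Secs since last hit:</th><td>' . $v['timeSinceLastHit'] . '</td></tr>'; } ?>
+<?php if(wfUtils::hasXSS($v['URL'])){ ?>
+<tr><th>URL:</th><td><span style="color: #F00;">Possible XSS code filtered out for your security</span></td></tr>
+<?php } else { ?>
 <tr><th>URL:</th><td><a href="<?php echo $v['URL']; ?>" target="_blank"><?php echo $v['URL']; ?></a></td></tr>
+<?php } ?>
 <tr><th>Type:</th><td><?php if($v['type'] == 'hit'){ echo 'Normal request'; } else if($v['type'] == '404'){ echo '<span style="color: #F00;">Page not found</span>'; } ?></td></tr>
 <?php if($v['referer']){ ?><tr><th>Referrer:</th><td><a href="<?php echo $v['referer']; ?>" target="_blank"><?php echo $v['referer']; ?></a></td></tr><?php } ?>
 <tr><th>Full Browser ID:</th><td><?php echo esc_html($v['UA']); ?></td></tr>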
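Review bot: The else branch on new line 15 still echoes `$v['URL']` unescaped into both the href attribute and the link text, so the page's safety now rests entirely on the character allowlist inside wfUtils::hasXSS rather than on output encoding. Escape at the sink as well, the way the Browser ID row already does with esc_html(): `<tr><th>URL:</th><td><a href="<?php echo esc_url($v['URL']); ?>" target="_blank"><?php echo esc_html($v['URL']); ?></a></td></tr>`. The Referrer row on line 18 has the same shape and depends on the same filter being applied earlier in wfLog.php; `esc_url()`/`esc_html()` there would make this template safe on its own. The foreach opened on line 9 closes outside the hunk.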
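--- a/lib/wfCache.php
+++ b/lib/wfCache.php
@@ -154,8 +154,8 @@ class wfCache {
 $append .= "Time created on server: " . date('Y-m-d H:i:s T') . ". ";
 $append .= "Is HTTPS page: " . (self::isHTTPSPage() ? 'HTTPS' : 'no') . ". ";
 $append .= "Page size: " . strlen($buffer) . " bytes. ";
-$append .= "Host: " . ($_SERVER['HTTP_HOST'] ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']) . ". ";
-$append .= "Request URI: " . $_SERVER['REQUEST_URI'] . " ";
+$append .= "Host: " . ($_SERVER['HTTP_HOST'] ? htmlentities($_SERVER['HTTP_HOST']) : htmlentities($_SERVER['SERVER_NAME'])) . ". ";
+$append .= "Request URI: " . htmlentities($_SERVER['REQUEST_URI']) . " ";
 $appendGzip = $append . " Encoding: GZEncode -->\n";
 $append .= " Encoding: Uncompressed -->\n";
 }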
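Review bot: The two encoded fields on new lines 157-158 land inside the `<!-- ... -->` debug comment that lines 159-160 close, and `htmlentities()` is called with its defaults, so quote handling and charset depend on the PHP version the site runs; pass them explicitly, `htmlentities($_SERVER['HTTP_HOST'], ENT_QUOTES, 'UTF-8')`, and record why the encoding matters here: `// encoded so a crafted Host or URI cannot emit "-->" and inject markup into the cached page`. The ternary on line 157 still tests `$_SERVER['HTTP_HOST']` for truthiness before checking it exists; `!empty($_SERVER['HTTP_HOST'])` avoids the notice when the header is absent. The method this hunk belongs to starts and ends outside it.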
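--- a/lib/wfLog.php
+++ b/lib/wfLog.php
@@ -505,7 +505,7 @@ class wfLog {
 $res['IP'] = wfUtils::inet_ntoa($res['IP']);
 $res['extReferer'] = false;
 if(isset( $res['referer'] ) && $res['referer']){
-if(! preg_match('/^https?:\/\/[a-z0-9\.\-]+\/[^\':<>\"\\\]*#x2F;i', $res['referer'] )){ //filtering out XSS
+if(wfUtils::hasXSS($res['referer'] )){ //filtering out XSS
 $res['referer'] = '';
 }
 }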
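Review bot: The comment `//filtering out XSS` on new line 508 undersells what this does: wfUtils::hasXSS is a strict allowlist (absolute http(s) URL, bare hostname of `[a-z0-9.-]`, no `'`, `"`, `<`, `>`, `:` or `\` afterwards), so a referer with a port, an IP-literal with brackets, or any non-http scheme is blanked too, not just script payloads. Say so where the next maintainer will look: `// blank anything that is not a plain absolute http(s) URL (see wfUtils::hasXSS); the value is later echoed unescaped by lib/IPTraf.php`. If losing those referers from the log is not intended, escaping at the output in IPTraf.php and keeping the raw value here would preserve them. The method this hunk sits in starts and ends outside the hunk.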
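--- a/lib/wfUtils.php
+++ b/lib/wfUtils.php
@@ -136,7 +136,7 @@ class wfUtils {
 public static function getIP(){
 //You can use the following examples to force Wordfence to think a visitor has a certain IP if you're testing. Remember to re-comment this out or you will break Wordfence badly.
 //return '1.2.33.57';
-//return '4.2.3.14';
+//return '4.22.23.114';
 //return self::makeRandomIP();
 
 $howGet = wfConfig::get('howGetIPs', false);
@@ -642,6 +642,13 @@ class wfUtils {
 }
 return true;
 }
+public static function hasXSS($URL){
+if(! preg_match('/^https?:\/\/[a-z0-9\.\-]+\/[^\':<>\"\\\]*#x2F;i', $URL)){
+return true;
+} else {
+return false;
+}
+}
 }
 
 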
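Review bot: As rendered on new line 646, the pattern in hasXSS has no end anchor: it requires `^https?://host/` and then `[^':<>"\\]*`, but nothing forces that class to consume the whole string, so `http://example.com/a<script>` still matches on its prefix and hasXSS() returns false for it. Unless a `$` was lost in rendering (the closing `/i` is shown as the entity fragment `#x2F;i`, so some characters on this line were mangled), the check should read `if(! preg_match('/^https?:\/\/[a-z0-9\.\-]+\/[^\':<>\"\\\]*$/i', $URL)){`. Two call sites now depend on this helper, so it also deserves a docblock: `/** True when $URL is NOT a plain absolute http(s) URL. This is an allowlist, not a script detector; callers must still escape on output. */`. The name reads as a detector, which is the opposite of what it is, but renaming is a larger change than this release wants.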
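--- a/lib/wordfenceClass.php
+++ b/lib/wordfenceClass.php
@@ -332,7 +332,10 @@ class wordfence {
 }
 public static function initProtection(){
 if(preg_match('/\/wp\-admin\/admin\-ajax\.php/', $_SERVER['REQUEST_URI'])){
-if(isset($_REQUEST['action']) && $_REQUEST['action'] == 'revslider_show_image' && isset($_REQUEST['img']) && preg_match('/\.php#x2F;i', $_REQUEST['img']) ){
+if(
+(isset($_GET['action']) && $_GET['action'] == 'revslider_show_image' && isset($_GET['img']) && preg_match('/\.php#x2F;i', $_GET['img'])) ||
+(isset($_POST['action']) && $_POST['action'] == 'revslider_show_image' && isset($_POST['img']) && preg_match('/\.php#x2F;i', $_POST['img']))
+){
 self::getLog()->do503(86400, "URL not allowed. Slider Revolution Hack attempt detected. #2");
 exit(); //function above exits anyway
 }
@@ -1881,7 +1884,7 @@ class wordfence {
 return array('err' => 1, 'errorMsg' => "The IP address " . htmlentities($IP) . " is whitelisted and can't be blocked or it is in a range of internal IP addresses that Wordfence does not block. You can remove this IP from the whitelist on the Wordfence options page.");
 }
 if(wfConfig::get('neverBlockBG') != 'treatAsOtherCrawlers'){ //Either neverBlockVerified or neverBlockUA is selected which means the user doesn't want to block google
-if(wfCrawl::verifyCrawlerPTR('/googlebot\.com#x2F;i', $IP)){
+if(wfCrawl::verifyCrawlerPTR('/\.googlebot\.com#x2F;i', $IP)){
 return array('err' => 1, 'errorMsg' => "The IP address you're trying to block belongs to Google. Your options are currently set to not block these crawlers. Change this in Wordfence options if you want to manually block Google.");
 }
 }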
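Review bot: The tightened PTR pattern on new line 1887, `/\.googlebot\.com/i`, now requires a dot before `googlebot.com` but still has no end anchor, so a reverse-DNS name such as `crawl-1-2-3-4.googlebot.com.attacker.example` would still satisfy it; anchor it: `if(wfCrawl::verifyCrawlerPTR('/\.googlebot\.com$/i', $IP)){`. Whether verifyCrawlerPTR also forward-resolves the PTR name and compares the result with `$IP` is not visible here; without that step the PTR record alone is attacker-controlled. In the first hunk, testing `$_GET` and `$_POST` separately means a request that puts `action` in the query string and `img` in the body no longer matches, which matters if the targeted plugin reads both through `$_REQUEST`. Both enclosing methods extend beyond their hunks.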
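--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: mmaunder
 Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching
 Requires at least: 3.3.1
 Tested up to: 4.0
-Stable tag: 5.2.3
+Stable tag: 5.2.4
 
 Wordfence Security is a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
 
@@ -163,6 +163,13 @@ cause a security hole on your site.
 
 == Changelog ==
 
+= 5.2.4 =
+* Security release. Upgrade immediately.
+* This release fixes an XSS vunlerability on Wordfence "view all traffic from IP" page.
+* Also fixes a hard to exploit XSS which exists if you have your site as the default site on your web server, falcon enabled and debugging comments enabled.
+* Improves Revolution Slider proteciton.
+* Fixed bypass for fake googlebot blocking.
+
 = 5.2.3 =
 * Updated Geo IP country database to newest version (September 2014 edition)
 * Security fix. Improved referrer sanitization in live traffic.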
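--- a/wordfence.php
+++ b/wordfence.php
@@ -4,13 +4,13 @@ Plugin Name: Wordfence Security
 Plugin URI: http://www.wordfence.com/
 Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
 Author: Wordfence
-Version: 5.2.3
+Version: 5.2.4
 Author URI: http://www.wordfence.com/
 */
 if(defined('WP_INSTALLING') && WP_INSTALLING){
 return;
 }
-define('WORDFENCE_VERSION', '5.2.3');
+define('WORDFENCE_VERSION', '5.2.4');
 if(get_option('wordfenceActivated') != 1){
 add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error', ob_get_contents()); }
 }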