Wordfence Security – Firewall & Malware Scan - Version 7.4.5

Version Description

  • January 15, 2020 =
  • Improvement: Improved WAF coverage for an Infinite WP authentication bypass vulnerability. Credit to Marc Montpas for finding a bypass.
Download this release

Release Info

Developer wfryan
Plugin Icon 128x128 Wordfence Security – Firewall & Malware Scan
Version 7.4.5
Comparing to
See all releases

Code changes from version 7.4.4 to 7.4.5

Files changed (60) hide show
  1. css/{activity-report-widget.1579033043.css → activity-report-widget.1579191227.css} +0 -0
  2. css/{diff.1579033043.css → diff.1579191227.css} +0 -0
  3. css/{dt_table.1579033043.css → dt_table.1579191227.css} +0 -0
  4. css/{fullLog.1579033043.css → fullLog.1579191227.css} +0 -0
  5. css/{iptraf.1579033043.css → iptraf.1579191227.css} +0 -0
  6. css/{jquery-ui-timepicker-addon.1579033043.css → jquery-ui-timepicker-addon.1579191227.css} +0 -0
  7. css/{jquery-ui.min.1579033043.css → jquery-ui.min.1579191227.css} +0 -0
  8. css/{jquery-ui.structure.min.1579033043.css → jquery-ui.structure.min.1579191227.css} +0 -0
  9. css/{jquery-ui.theme.min.1579033043.css → jquery-ui.theme.min.1579191227.css} +0 -0
  10. css/{main.1579033043.css → main.1579191227.css} +0 -0
  11. css/{phpinfo.1579033043.css → phpinfo.1579191227.css} +0 -0
  12. css/{wf-adminbar.1579033043.css → wf-adminbar.1579191227.css} +0 -0
  13. css/{wf-colorbox.1579033043.css → wf-colorbox.1579191227.css} +0 -0
  14. css/{wf-font-awesome.1579033043.css → wf-font-awesome.1579191227.css} +0 -0
  15. css/{wf-global.1579033043.css → wf-global.1579191227.css} +0 -0
  16. css/{wf-ionicons.1579033043.css → wf-ionicons.1579191227.css} +0 -0
  17. css/{wf-onboarding.1579033043.css → wf-onboarding.1579191227.css} +0 -0
  18. css/{wf-roboto-font.1579033043.css → wf-roboto-font.1579191227.css} +0 -0
  19. css/{wfselect2.min.1579033043.css → wfselect2.min.1579191227.css} +0 -0
  20. css/{wordfenceBox.1579033043.css → wordfenceBox.1579191227.css} +0 -0
  21. js/{Chart.bundle.min.1579033043.js → Chart.bundle.min.1579191227.js} +0 -0
  22. js/{admin.1579033043.js → admin.1579191227.js} +0 -0
  23. js/{admin.ajaxWatcher.1579033043.js → admin.ajaxWatcher.1579191227.js} +0 -0
  24. js/{admin.liveTraffic.1579033043.js → admin.liveTraffic.1579191227.js} +0 -0
  25. js/{date.1579033043.js → date.1579191227.js} +0 -0
  26. js/{jquery-ui-timepicker-addon.1579033043.js → jquery-ui-timepicker-addon.1579191227.js} +0 -0
  27. js/{jquery.colorbox-min.1579033043.js → jquery.colorbox-min.1579191227.js} +0 -0
  28. js/{jquery.colorbox.1579033043.js → jquery.colorbox.1579191227.js} +0 -0
  29. js/{jquery.dataTables.min.1579033043.js → jquery.dataTables.min.1579191227.js} +0 -0
  30. js/{jquery.qrcode.min.1579033043.js → jquery.qrcode.min.1579191227.js} +0 -0
  31. js/{jquery.tmpl.min.1579033043.js → jquery.tmpl.min.1579191227.js} +0 -0
  32. js/{jquery.tools.min.1579033043.js → jquery.tools.min.1579191227.js} +0 -0
  33. js/{knockout-3.3.0.1579033043.js → knockout-3.3.0.1579191227.js} +0 -0
  34. js/{wfdashboard.1579033043.js → wfdashboard.1579191227.js} +0 -0
  35. js/{wfdropdown.1579033043.js → wfdropdown.1579191227.js} +0 -0
  36. js/{wfglobal.1579033043.js → wfglobal.1579191227.js} +0 -0
  37. js/{wfpopover.1579033043.js → wfpopover.1579191227.js} +0 -0
  38. js/{wfselect2.min.1579033043.js → wfselect2.min.1579191227.js} +0 -0
  39. lib/wordfenceClass.php +3 -2
  40. modules/login-security/css/{admin-global.1579033043.css → admin-global.1579191227.css} +0 -0
  41. modules/login-security/css/{admin.1579033043.css → admin.1579191227.css} +0 -0
  42. modules/login-security/css/{colorbox.1579033043.css → colorbox.1579191227.css} +0 -0
  43. modules/login-security/css/{font-awesome.1579033043.css → font-awesome.1579191227.css} +0 -0
  44. modules/login-security/css/{ionicons.1579033043.css → ionicons.1579191227.css} +0 -0
  45. modules/login-security/css/{jquery-ui-timepicker-addon.1579033043.css → jquery-ui-timepicker-addon.1579191227.css} +0 -0
  46. modules/login-security/css/{jquery-ui.min.1579033043.css → jquery-ui.min.1579191227.css} +0 -0
  47. modules/login-security/css/{jquery-ui.structure.min.1579033043.css → jquery-ui.structure.min.1579191227.css} +0 -0
  48. modules/login-security/css/{jquery-ui.theme.min.1579033043.css → jquery-ui.theme.min.1579191227.css} +0 -0
  49. modules/login-security/css/{login.1579033043.css → login.1579191227.css} +0 -0
  50. modules/login-security/js/{admin-global.1579033043.js → admin-global.1579191227.js} +0 -0
  51. modules/login-security/js/{admin.1579033043.js → admin.1579191227.js} +0 -0
  52. modules/login-security/js/{jquery-ui-timepicker-addon.1579033043.js → jquery-ui-timepicker-addon.1579191227.js} +0 -0
  53. modules/login-security/js/{jquery.colorbox.1579033043.js → jquery.colorbox.1579191227.js} +0 -0
  54. modules/login-security/js/{jquery.colorbox.min.1579033043.js → jquery.colorbox.min.1579191227.js} +0 -0
  55. modules/login-security/js/{jquery.qrcode.min.1579033043.js → jquery.qrcode.min.1579191227.js} +0 -0
  56. modules/login-security/js/{jquery.tmpl.min.1579033043.js → jquery.tmpl.min.1579191227.js} +0 -0
  57. modules/login-security/js/{login.1579033043.js → login.1579191227.js} +0 -0
  58. modules/login-security/wordfence-login-security.php +1 -1
  59. readme.txt +4 -1
  60. wordfence.php +3 -3
css/{activity-report-widget.1579033043.css → activity-report-widget.1579191227.css} RENAMED
File without changes
css/{diff.1579033043.css → diff.1579191227.css} RENAMED
File without changes
css/{dt_table.1579033043.css → dt_table.1579191227.css} RENAMED
File without changes
css/{fullLog.1579033043.css → fullLog.1579191227.css} RENAMED
File without changes
css/{iptraf.1579033043.css → iptraf.1579191227.css} RENAMED
File without changes
css/{jquery-ui-timepicker-addon.1579033043.css → jquery-ui-timepicker-addon.1579191227.css} RENAMED
File without changes
css/{jquery-ui.min.1579033043.css → jquery-ui.min.1579191227.css} RENAMED
File without changes
css/{jquery-ui.structure.min.1579033043.css → jquery-ui.structure.min.1579191227.css} RENAMED
File without changes
css/{jquery-ui.theme.min.1579033043.css → jquery-ui.theme.min.1579191227.css} RENAMED
File without changes
css/{main.1579033043.css → main.1579191227.css} RENAMED
File without changes
css/{phpinfo.1579033043.css → phpinfo.1579191227.css} RENAMED
File without changes
css/{wf-adminbar.1579033043.css → wf-adminbar.1579191227.css} RENAMED
File without changes
css/{wf-colorbox.1579033043.css → wf-colorbox.1579191227.css} RENAMED
File without changes
css/{wf-font-awesome.1579033043.css → wf-font-awesome.1579191227.css} RENAMED
File without changes
css/{wf-global.1579033043.css → wf-global.1579191227.css} RENAMED
File without changes
css/{wf-ionicons.1579033043.css → wf-ionicons.1579191227.css} RENAMED
File without changes
css/{wf-onboarding.1579033043.css → wf-onboarding.1579191227.css} RENAMED
File without changes
css/{wf-roboto-font.1579033043.css → wf-roboto-font.1579191227.css} RENAMED
File without changes
css/{wfselect2.min.1579033043.css → wfselect2.min.1579191227.css} RENAMED
File without changes
css/{wordfenceBox.1579033043.css → wordfenceBox.1579191227.css} RENAMED
File without changes
js/{Chart.bundle.min.1579033043.js → Chart.bundle.min.1579191227.js} RENAMED
File without changes
js/{admin.1579033043.js → admin.1579191227.js} RENAMED
File without changes
js/{admin.ajaxWatcher.1579033043.js → admin.ajaxWatcher.1579191227.js} RENAMED
File without changes
js/{admin.liveTraffic.1579033043.js → admin.liveTraffic.1579191227.js} RENAMED
File without changes
js/{date.1579033043.js → date.1579191227.js} RENAMED
File without changes
js/{jquery-ui-timepicker-addon.1579033043.js → jquery-ui-timepicker-addon.1579191227.js} RENAMED
File without changes
js/{jquery.colorbox-min.1579033043.js → jquery.colorbox-min.1579191227.js} RENAMED
File without changes
js/{jquery.colorbox.1579033043.js → jquery.colorbox.1579191227.js} RENAMED
File without changes
js/{jquery.dataTables.min.1579033043.js → jquery.dataTables.min.1579191227.js} RENAMED
File without changes
js/{jquery.qrcode.min.1579033043.js → jquery.qrcode.min.1579191227.js} RENAMED
File without changes
js/{jquery.tmpl.min.1579033043.js → jquery.tmpl.min.1579191227.js} RENAMED
File without changes
js/{jquery.tools.min.1579033043.js → jquery.tools.min.1579191227.js} RENAMED
File without changes
js/{knockout-3.3.0.1579033043.js → knockout-3.3.0.1579191227.js} RENAMED
File without changes
js/{wfdashboard.1579033043.js → wfdashboard.1579191227.js} RENAMED
File without changes
js/{wfdropdown.1579033043.js → wfdropdown.1579191227.js} RENAMED
File without changes
js/{wfglobal.1579033043.js → wfglobal.1579191227.js} RENAMED
File without changes
js/{wfpopover.1579033043.js → wfpopover.1579191227.js} RENAMED
File without changes
js/{wfselect2.min.1579033043.js → wfselect2.min.1579191227.js} RENAMED
File without changes
lib/wordfenceClass.php CHANGED
@@ -1119,8 +1119,9 @@ SQL
1119
$iwpRule = new wfWAFRule(wfWAF::getInstance(), 0x80000000, null, 'auth-bypass', 100, 'Infinite WP Client - Authentication Bypass < 1.9.4.5', 0, 'block', null);
1120
wfWAF::getInstance()->setRules(wfWAF::getInstance()->getRules() + array(0x80000000 => $iwpRule));
1121
1122
- if (preg_match('/^.*?_IWP_JSON_PREFIX_(.*)#x2F;s', wfWAF::getInstance()->getRequest()->getRawBody(), $matches)) {
1123
- $iwpRequest = json_decode(base64_decode($matches[1]), true);
1124
if (is_array($iwpRequest)) {
1125
if (array_key_exists('iwp_action', $iwpRequest) &&
1126
($iwpRequest['iwp_action'] === 'add_site' || $iwpRequest['iwp_action'] === 'readd_site')
1119
$iwpRule = new wfWAFRule(wfWAF::getInstance(), 0x80000000, null, 'auth-bypass', 100, 'Infinite WP Client - Authentication Bypass < 1.9.4.5', 0, 'block', null);
1120
wfWAF::getInstance()->setRules(wfWAF::getInstance()->getRules() + array(0x80000000 => $iwpRule));
1121
1122
+ if (strrpos(wfWAF::getInstance()->getRequest()->getRawBody(), '_IWP_JSON_PREFIX_') !== false) {
1123
+ $iwpRequestDataArray = explode('_IWP_JSON_PREFIX_', wfWAF::getInstance()->getRequest()->getRawBody());
1124
+ $iwpRequest = json_decode(trim(base64_decode($iwpRequestDataArray[1])), true);
1125
if (is_array($iwpRequest)) {
1126
if (array_key_exists('iwp_action', $iwpRequest) &&
1127
($iwpRequest['iwp_action'] === 'add_site' || $iwpRequest['iwp_action'] === 'readd_site')
modules/login-security/css/{admin-global.1579033043.css → admin-global.1579191227.css} RENAMED
File without changes
modules/login-security/css/{admin.1579033043.css → admin.1579191227.css} RENAMED
File without changes
modules/login-security/css/{colorbox.1579033043.css → colorbox.1579191227.css} RENAMED
File without changes
modules/login-security/css/{font-awesome.1579033043.css → font-awesome.1579191227.css} RENAMED
File without changes
modules/login-security/css/{ionicons.1579033043.css → ionicons.1579191227.css} RENAMED
File without changes
modules/login-security/css/{jquery-ui-timepicker-addon.1579033043.css → jquery-ui-timepicker-addon.1579191227.css} RENAMED
File without changes
modules/login-security/css/{jquery-ui.min.1579033043.css → jquery-ui.min.1579191227.css} RENAMED
File without changes
modules/login-security/css/{jquery-ui.structure.min.1579033043.css → jquery-ui.structure.min.1579191227.css} RENAMED
File without changes
modules/login-security/css/{jquery-ui.theme.min.1579033043.css → jquery-ui.theme.min.1579191227.css} RENAMED
File without changes
modules/login-security/css/{login.1579033043.css → login.1579191227.css} RENAMED
File without changes
modules/login-security/js/{admin-global.1579033043.js → admin-global.1579191227.js} RENAMED
File without changes
modules/login-security/js/{admin.1579033043.js → admin.1579191227.js} RENAMED
File without changes
modules/login-security/js/{jquery-ui-timepicker-addon.1579033043.js → jquery-ui-timepicker-addon.1579191227.js} RENAMED
File without changes
modules/login-security/js/{jquery.colorbox.1579033043.js → jquery.colorbox.1579191227.js} RENAMED
File without changes
modules/login-security/js/{jquery.colorbox.min.1579033043.js → jquery.colorbox.min.1579191227.js} RENAMED
File without changes
modules/login-security/js/{jquery.qrcode.min.1579033043.js → jquery.qrcode.min.1579191227.js} RENAMED
File without changes
modules/login-security/js/{jquery.tmpl.min.1579033043.js → jquery.tmpl.min.1579191227.js} RENAMED
File without changes
modules/login-security/js/{login.1579033043.js → login.1579191227.js} RENAMED
File without changes
modules/login-security/wordfence-login-security.php CHANGED
@@ -27,7 +27,7 @@ else {
27
define('WORDFENCE_LS_FROM_CORE', ($wfCoreActive && isset($wfCoreLoading) && $wfCoreLoading));
28
29
define('WORDFENCE_LS_VERSION', '1.0.5');
30
- define('WORDFENCE_LS_BUILD_NUMBER', '1579033043');
31
32
if (!defined('WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES')) { define('WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES', 15); }
33
27
define('WORDFENCE_LS_FROM_CORE', ($wfCoreActive && isset($wfCoreLoading) && $wfCoreLoading));
28
29
define('WORDFENCE_LS_VERSION', '1.0.5');
30
+ define('WORDFENCE_LS_BUILD_NUMBER', '1579191227');
31
32
if (!defined('WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES')) { define('WORDFENCE_LS_EMAIL_VALIDITY_DURATION_MINUTES', 15); }
33
readme.txt CHANGED
@@ -4,7 +4,7 @@ Tags: security, firewall, malware scanner, web application firewall, two factor
4
Requires at least: 3.9
5
Requires PHP: 5.3
6
Tested up to: 5.3
7
- Stable tag: 7.4.4
8
9
Secure your website with the most comprehensive WordPress security plugin. Firewall, malware scan, blocking, live traffic, login security & more.
10
@@ -183,6 +183,9 @@ Secure your website with Wordfence.
183
184
== Changelog ==
185
186
= 7.4.4 - January 14, 2020 =
187
* Fix: Fixed a UI issue where the scan summary status marker for malware didn't always match the findings.
188
4
Requires at least: 3.9
5
Requires PHP: 5.3
6
Tested up to: 5.3
7
+ Stable tag: 7.4.5
8
9
Secure your website with the most comprehensive WordPress security plugin. Firewall, malware scan, blocking, live traffic, login security & more.
10
183
184
== Changelog ==
185
186
+ = 7.4.5 - January 15, 2020 =
187
+ * Improvement: Improved WAF coverage for an Infinite WP authentication bypass vulnerability. Credit to Marc Montpas for finding a bypass.
188
+
189
= 7.4.4 - January 14, 2020 =
190
* Fix: Fixed a UI issue where the scan summary status marker for malware didn't always match the findings.
191
wordfence.php CHANGED
@@ -4,7 +4,7 @@ Plugin Name: Wordfence Security
4
Plugin URI: http://www.wordfence.com/
5
Description: Wordfence Security - Anti-virus, Firewall and Malware Scan
6
Author: Wordfence
7
- Version: 7.4.4
8
Author URI: http://www.wordfence.com/
9
Network: true
10
*/
@@ -15,8 +15,8 @@ if(defined('WP_INSTALLING') && WP_INSTALLING){
15
if (!defined('ABSPATH')) {
16
exit;
17
}
18
- define('WORDFENCE_VERSION', '7.4.4');
19
- define('WORDFENCE_BUILD_NUMBER', '1579033043');
20
define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
21
basename(dirname(__FILE__)) . '/' . basename(__FILE__));
22
4
Plugin URI: http://www.wordfence.com/
5
Description: Wordfence Security - Anti-virus, Firewall and Malware Scan
6
Author: Wordfence
7
+ Version: 7.4.5
8
Author URI: http://www.wordfence.com/
9
Network: true
10
*/
15
if (!defined('ABSPATH')) {
16
exit;
17
}
18
+ define('WORDFENCE_VERSION', '7.4.5');
19
+ define('WORDFENCE_BUILD_NUMBER', '1579191227');
20
define('WORDFENCE_BASENAME', function_exists('plugin_basename') ? plugin_basename(__FILE__) :
21
basename(dirname(__FILE__)) . '/' . basename(__FILE__));
22