Issue
Are there any plans for WAF rules for CVE-2024-8353 (GiveWP <= 3.16.1)? https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/give/givewp-donation-plugin-and-fundraising-platform-3161-unauthenticated-php-object-injection We are getting reports about sites in our infrastructure (mostly charity foundations) using this plugin. It's possible other rules are already blocking exploitation; I have been searching rules only by CVE ID and didn't test any exploit.
Environment
- Imunify360
- ImunifyAV+
Solution
Please note that our developers are already addressing object injection vulnerabilities in this plugin, and we will have specialized rules as soon as possible. We have gathered several samples, and we trust that our general rules will be able to stop such an attack while our specialized rules are being released.
Remember that even when Imunify hasn't officially released a specific rule, we have many monitoring rules watching patterns, and our software is still effective against such threats.
I have attached this ticket to the task to increase its priority.