The high severity vulnerability in Post Grid WordPress plugin that appeared in public resources is suspected to be the cause of attackers’ interest to exploit the affected systems.
The discovered vulnerability allows an attacker to forge the template with further inclusion of its code to the application's backend with the ability to perform malicious actions involving privileged users. This could end up with a stolen administrator session or malware injection.
Even though there is currently no notable rise of such attempts, possibly due to obstacles of necessity to be authenticated, we decided to research the breach and deliver the protection via one of our protection layers - WAF. The rule ID 77316738 was designed for this case with the message: “IM360 WAF: WordPress plugin Post Grid < 2.0.73/Team Showcase < 1.22.16 - Stored Cross-Site Scripting”.
The rule is currently available in stable ruleset v3.41 released on the 7th of October, 2020.
You can find other changes in the build following this link WAF Rules v.3.41 Released.
Additionally, in order to ensure that your server is protected, we suggest reviewing the ModSecurity events on the Incidents tab of the Imunify360 plugin interface of your hosting panel. In the case of ModSecurity events, it is recommended to recheck the related module configurations. More information can be found here https://docs.imunify360.com/hosting_panels_specific_settin/
Should you need any further information, please do not hesitate to submit a ticket to the Imunify360 support team at cloudlinux.zendesk.com.
Imunify360 is a comprehensive security suite for Linux web-servers. Antivirus firewall, WAF, PHP, Security Layer, Patch Management, Domain Reputation with easy UI and advanced automation. Try free to make your websites and server secure now.