SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web-based applications on servers.
SERVER-WEBAPP WordPress Plugin ThemeREX PHP code injection attempt
The vulnerable source code should no longer be present in the WordPress plugin after a fix is applied, so if the rule alerts there is a high chance that someone is trying to exploit this vulnerability. This rule searches for the vulnerable parameter in the ThemeREX plugin and drops any packets containing it.
This rule triggers when an attempt to access a vulnerable REST API endpoint of the ThemeREX Add-on plugin for WordPress is detected. Accessing this vulnerable resource results in code injection, and the whole WordPress system will be affected.
Public information/Proof of Concept available
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2020-10257
Tactic: Execution
Technique: Execution through API
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org