Conditions
- IP Location Block: 3.0.0 and later
- Server settings: According to this article, `.htaccess` is applied to `wp-content/plugins/` and `wp-content/themes/`.
Abbreviation:
Attack Vector = Type x Path
| Abbreviation of Type | Description |
|---|---|
| AB | Authentication Bypass |
| AFU | Arbitrary File Upload |
| CSRF | Cross-Site Request Forgery |
| DT | Directory Traversal |
| LFI | Local File Inclusion |
| PE | Privilege Escalation |
| RCE | Remote Code Execution |
| RFU | Remote File Upload |
| SQLI | SQL Injection |
| XSS | Cross-Site Scripting |
| Abbreviation of Path | Description |
|---|---|
| AA | Admin area |
| AX | Admin ajax / post |
| PD | Plugin Direct |
| FE | Front End |
| Symbol | Description |
|---|---|
| OK | Blocked when blocking is enabled on the front-end. |
| OK | Blocked when blocking is enabled on the back-end. |
| NG | Failed to block. |
Results
Source: © The WPScan Team
| Vulnerability | Version | Type | Path | Geo | ZEP |
|---|---|---|---|---|---|
| WP Business Intelligence Lite | <= 1.6.1 | SQLI | PD+ | OK | OK |
| Ptengine | <= 1.0.1 | XSS | FE | OK | NG |
| EZ Portfolio | <= 1.0.1 | XSS | AX | OK | OK |
| WonderPlugin Audio Player | <= 2.0 | SQLI, XSS | AX | OK | OK |
| Aspose Cloud eBook Generator | <= 1.0 | LFI | PD- | OK | OK |
| WPshop – eCommerce | <= 1.3.9.5 | AFU | PD+ | OK | OK |
| WPBook | <= 2.7 | CSRF | AA | OK | OK |
| WP-ViperGB | <= 1.3.10 | XSS, CSRF | AA | OK | OK |
| WordPress Survey & Poll | <= 1.1.7 | SQLI | AX | OK | OK |
| WP Media Cleaner | <= 0.2.2.6 | XSS | AA | OK | OK |
| WP Easy Slideshow | <= 1.0.3 | CSRF | AA | OK | OK |
| N-Media Website Contact Form | <= 1.3.4 | AFU | AX+ | OK | NG |
| Tune Library | <= 1.5.4 | SQLI | FE | OK | NG |
| Redirection Page | <= 1.2 | CSRF, XSS | AA | OK | OK |
| PHP Event Calendar | <= 1.5 | AFU | PD | OK | OK |
| My Wish List | <= 1.4.1 | XSS | FE | OK | NG |
| Mobile Domain | <= 1.5.2 | CSRF, XSS | AA | OK | OK |
| MailChimp Subscribe Form | <= 1.1 | RCE | PD | OK | OK |
| IP Blacklist Cloud | <= 3.4 | SQLI | AA | OK | OK |
| IP Blacklist Cloud | <= 3.42 | LFI | FE | OK | NG |
| InBoundio Marketing | <= 2.0.3 | RFU | PD | OK | OK |
| Image Metadata Cruncher | <= 1.8 | CSRF, XSS | AA | OK | OK |
| CrossSlide jQuery | <= 2.0.5 | CSRF, XSS | AA | OK | OK |
| Aspose PDF Exporter | < 2.0 | LFI | PD- | OK | OK |
| Aspose Importer & Exporter | <= 1.0 | LFI | PD- | OK | OK |
| Aspose DOC Exporter | <= 1.0 | LFI | PD- | OK | OK |
| WP Ultimate CSV Importer | <= 3.6.74 | AB | PD+ | OK | OK |
| WP Ultimate CSV Importer | <= 3.7.1 | DT | PD+ | OK | OK |
| WP Mobile Edition | <= 0.2.2.7 | LFI | PD- | OK | OK |
| WP All Import | <= 3.2.3 | RCE | AX | OK | OK |
| WP All Import | <= 3.2.4 | CSRF, XSS | AX | OK | OK |
| UpdraftPlus | <= 1.9.50 | PE | AX | OK | NG |
| Ultimate Member | <= 1.0.78 | AFU | PD+ | OK | OK |
| Ultimate Product Catalogue | <= 3.1.1 | AFU | AX | OK | OK |
| Ultimate Product Catalogue | <= 3.1.2 | SQLI | AX | OK | OK |
| Ultimate Product Catalogue | <= 3.1.2 | SQLI | FE | OK | NG |
| TinyMCE Advanced | <= 4.1 | CSRF | AX | OK | OK |
| Huge-IT Slider | <= 2.6.8 | SQLI | AX | OK | OK |
| Simple Ads Manager | <= 2.5.94 | AFU, SQLI | PD+ | OK | OK |
| Related Posts for WordPress | <= 1.8.1 | XSS | FE | OK | NG |
| Ajax Search Lite | <= 3.1 | RCE | AX | OK | OK |
| Blubrry PowerPress | <= 6.0 | XSS | AA | OK | OK |
| PlusCaptcha | <= 2.0.14 | CSRF | AA | OK | OK |
| Plugin Performance Profiler | <= 1.5.3.8 | XSS | AA | NG | NG |
| NEX-Forms | <= 3.0 | SQLI | AX | OK | OK |
| MiwoFTP | <= 1.0.4 | LFI | FE | OK | NG |
| MiwoFTP | <= 1.0.5 | CSRF, XSS | AA | OK | OK |
| MainWP Child | <= 2.0.9.1 | AB | FE | OK | NG |
| Mashshare | <= 2.3.0 | AB | AX | OK | OK |
| WordPress Leads | <= 1.6.2 | XSS | AX+ | OK | NG |
| Total OK | | | | 41 | 38 |
Total Protection Performance
| Blocking Method | True Positive | False Negative |
|---|---|---|
| Block by country on both front/back-end | 49/50 (98%) | 1/50 (2%) |
| Block by country only on back-end | 41/50 (82%) | 9/50 (18%) |
| WP-ZEP | 38/50 (76%) | 12/50 (24%) |
