Changeset 1304473 for wordfence


Timestamp:
12/09/15 17:46:13 (23 months ago)
Author:
wfmatt
Message:
  • Security Fix: Fixed stored XSS vulnerability discovered internally (thanks to Matt Rusnak).
  • Enhancement: Added additional Sucuri scanner IP to our whitelist.
Location:
wordfence
Files:
10 edited
9 copied

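--- a/wordfence/tags/6.0.22/lib/wfIssues.php
+++ b/wordfence/tags/6.0.22/lib/wfIssues.php
@@ -158,4 +158,5 @@
             $i['data'] = unserialize($i['data']);
             $i['timeAgo'] = wfUtils::makeTimeAgo(time() - $i['time']);
+            $i['longMsg'] = wp_kses($i['longMsg'], 'post');
             if($i['status'] == 'new'){
                 $ret['new'][] = $i;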
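Review bot: The new read-time filter covers `longMsg` only; `shortMsg` is handed back exactly as stored, so an issue row written by a pre-6.0.22 scan with a raw filename or post title in its short message still reaches the page unfiltered until that site rescans. A matching `$i['shortMsg'] = esc_html($i['shortMsg']);` on the next line would close that window; WordPress's esc_html() does not double-encode existing entities (worth confirming against the core versions you support), so it should be harmless for the already-escaped messages the new scanner code produces. The loop and function enclosing these lines begin and end outside the hunk.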
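--- a/wordfence/tags/6.0.22/lib/wfLog.php
+++ b/wordfence/tags/6.0.22/lib/wfLog.php
@@ -179,5 +179,5 @@
         }
         //These belong to sucuri's scanning servers which will get blocked by Wordfence as a false positive if you try a scan. So we whitelisted them.
-        $externalWhite = array('97.74.127.171', '69.164.203.172', '173.230.128.135', '66.228.34.49', '66.228.40.185', '50.116.36.92', '50.116.36.93', '50.116.3.171', '198.58.96.212', '50.116.63.221', '192.155.92.112', '192.81.128.31', '198.58.106.244', '192.155.95.139', '23.239.9.227', '198.58.112.103', '192.155.94.43', '162.216.16.33', '173.255.233.124', '173.255.233.124', '192.155.90.179', '50.116.41.217', '192.81.129.227', '198.58.111.80');
+        $externalWhite = array('97.74.127.171', '69.164.203.172', '173.230.128.135', '66.228.34.49', '66.228.40.185', '50.116.36.92', '50.116.36.93', '50.116.3.171', '198.58.96.212', '50.116.63.221', '192.155.92.112', '192.81.128.31', '198.58.106.244', '192.155.95.139', '23.239.9.227', '198.58.112.103', '192.155.94.43', '162.216.16.33', '173.255.233.124', '173.255.233.124', '192.155.90.179', '50.116.41.217', '192.81.129.227', '198.58.111.80', '162.216.19.183');
         if (in_array($IP, $externalWhite)) {
             return true;
@@ -220,5 +220,5 @@
 
         // These belong to sucuri's scanning servers which will get blocked by Wordfence as a false positive if you try a scan. So we whitelisted them.
-        $white_listed_ips = array_merge($white_listed_ips, array_map(array('wfUtils', 'inet_pton'), array('97.74.127.171', '69.164.203.172', '173.230.128.135', '66.228.34.49', '66.228.40.185', '50.116.36.92', '50.116.36.93', '50.116.3.171', '198.58.96.212', '50.116.63.221', '192.155.92.112', '192.81.128.31', '198.58.106.244', '192.155.95.139', '23.239.9.227', '198.58.112.103', '192.155.94.43', '162.216.16.33', '173.255.233.124', '173.255.233.124', '192.155.90.179', '50.116.41.217', '192.81.129.227', '198.58.111.80')));
+        $white_listed_ips = array_merge($white_listed_ips, array_map(array('wfUtils', 'inet_pton'), array('97.74.127.171', '69.164.203.172', '173.230.128.135', '66.228.34.49', '66.228.40.185', '50.116.36.92', '50.116.36.93', '50.116.3.171', '198.58.96.212', '50.116.63.221', '192.155.92.112', '192.81.128.31', '198.58.106.244', '192.155.95.139', '23.239.9.227', '198.58.112.103', '192.155.94.43', '162.216.16.33', '173.255.233.124', '173.255.233.124', '192.155.90.179', '50.116.41.217', '192.81.129.227', '198.58.111.80', '162.216.19.183')));
 
         if ($user_whitelisted === null) {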
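Review bot: The new Sucuri address is appended to two hand-maintained copies of the same list — the `$externalWhite` array in the first hunk and the inet_pton'd `$white_listed_ips` merge in the second — so the next addition can silently land in only one of them; holding the list once (e.g. a `private static $sucuriScannerIPs` that both sites read) removes that drift. Both copies also still carry `173.255.233.124` twice. Each of the two enclosing functions starts and ends outside its hunk.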
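--- a/wordfence/tags/6.0.22/lib/wfScanEngine.php
+++ b/wordfence/tags/6.0.22/lib/wfScanEngine.php
@@ -466,9 +466,9 @@
             foreach($hresults as $result){
                 if($result['badList'] == 'goog-malware-shavar'){
-                    $shortMsg = "$uctype contains a suspected malware URL: " . $this->scanData[$idString]['title'];
-                    $longMsg = "This $type contains a suspected malware URL listed on Google's list of malware sites. The URL is: " . $result['URL'] . " - More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($result['URL']) . "&client=googlechrome&hl=en-US\" target=\"_blank\">Google Safe Browsing diagnostic page</a>.";
+                    $shortMsg = "$uctype contains a suspected malware URL: " . esc_html($this->scanData[$idString]['title']);
+                    $longMsg = "This $type contains a suspected malware URL listed on Google's list of malware sites. The URL is: " . esc_html($result['URL']) . " - More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($result['URL']) . "&client=googlechrome&hl=en-US\" target=\"_blank\">Google Safe Browsing diagnostic page</a>.";
                 } else if($result['badList'] == 'googpub-phish-shavar'){
-                    $shortMsg = "$uctype contains a suspected phishing site URL: " . $this->scanData[$idString]['title'];
-                    $longMsg = "This $type contains a URL that is a suspected phishing site that is currently listed on Google's list of known phishing sites. The URL is: " . $result['URL'];
+                    $shortMsg = "$uctype contains a suspected phishing site URL: " . esc_html($this->scanData[$idString]['title']);
+                    $longMsg = "This $type contains a URL that is a suspected phishing site that is currently listed on Google's list of known phishing sites. The URL is: " . esc_html($result['URL']);
                 } else {
                     //A list type that may be new and the plugin has not been upgraded yet.
@@ -559,9 +559,9 @@
             foreach($hresults as $result){
                 if($result['badList'] == 'goog-malware-shavar'){
-                    $shortMsg = "$uctype with author " . $this->scanData[$idString]['author'] . " contains a suspected malware URL.";
-                    $longMsg = "This $type contains a suspected malware URL listed on Google's list of malware sites. The URL is: " . $result['URL'] . " - More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($result['URL']) . "&client=googlechrome&hl=en-US\" target=\"_blank\">Google Safe Browsing diagnostic page</a>.";
+                    $shortMsg = "$uctype with author " . esc_html($this->scanData[$idString]['author']) . " contains a suspected malware URL.";
+                    $longMsg = "This $type contains a suspected malware URL listed on Google's list of malware sites. The URL is: " . esc_html($result['URL']) . " - More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($result['URL']) . "&client=googlechrome&hl=en-US\" target=\"_blank\">Google Safe Browsing diagnostic page</a>.";
                 } else if($result['badList'] == 'googpub-phish-shavar'){
                     $shortMsg = "$uctype contains a suspected phishing site URL.";
-                    $longMsg = "This $type contains a URL that is a suspected phishing site that is currently listed on Google's list of known phishing sites. The URL is: " . $result['URL'];
+                    $longMsg = "This $type contains a URL that is a suspected phishing site that is currently listed on Google's list of known phishing sites. The URL is: " . esc_html($result['URL']);
                 } else {
                     //A list type that may be new and the plugin has not been upgraded yet.
@@ -720,10 +720,10 @@
         $highCap = $this->highestCap($userDat->wp_capabilities);
         if($this->isEditor($userDat->wp_capabilities)){
-            $shortMsg = "User \"" . $userDat->user_login . "\" with \"" . $highCap . "\" access has an easy password.";
-            $longMsg = "A user with the a role of '" . $highCap . "' has a password that is easy to guess. Please change this password yourself or ask the user to change it.";
+            $shortMsg = "User \"" . esc_html($userDat->user_login) . "\" with \"" . esc_html($highCap) . "\" access has an easy password.";
+            $longMsg = "A user with the a role of '" . esc_html($highCap) . "' has a password that is easy to guess. Please change this password yourself or ask the user to change it.";
             $level = 1;
             $words = $this->dictWords;
         } else {
-            $shortMsg = "User \"" . $userDat->user_login . "\" with 'subscriber' access has a very easy password.";
+            $shortMsg = "User \"" . esc_html($userDat->user_login) . "\" with 'subscriber' access has a very easy password.";
             $longMsg = "A user with 'subscriber' access has a password that is very easy to guess. Please either change it or ask the user to change their password.";
             $level = 2;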
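Review bot: Because the read-time wp_kses() this changeset adds in wfIssues.php covers only longMsg, the esc_html() calls on the `$shortMsg` lines here are the sole protection for that field, and any later producer of a short message that forgets them ships an unescaped string into the same page; escaping shortMsg once where issues are stored or read would not depend on every call site getting it right. In the first two hunks `$type` and `$uctype` are still interpolated raw; they read like fixed labels set by the caller outside the hunk rather than scanned data, which is worth confirming. The enclosing methods start and end outside these hunks.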
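--- a/wordfence/tags/6.0.22/lib/wordfenceConstants.php
+++ b/wordfence/tags/6.0.22/lib/wordfenceConstants.php
@@ -1,4 +1,4 @@
 <?php
-define('WORDFENCE_API_VERSION', '2.19');
+define('WORDFENCE_API_VERSION', '2.20');
 define('WORDFENCE_API_URL_SEC', 'https://noc1.wordfence.com/');
 define('WORDFENCE_API_URL_NONSEC', 'http://noc1.wordfence.com/');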
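--- a/wordfence/tags/6.0.22/lib/wordfenceScanner.php
+++ b/wordfence/tags/6.0.22/lib/wordfenceScanner.php
@@ -187,6 +187,6 @@
                                     'ignoreP' => $this->path . $file,
                                     'ignoreC' => $fileSum,
-                                    'shortMsg' => "File appears to be malicious: " . $file,
-                                    'longMsg' => "This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: <strong style=\"color: #F00;\">\"" . $matches[1] . "\"</strong>.",
+                                    'shortMsg' => "File appears to be malicious: " . esc_html($file),
+                                    'longMsg' => "This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: <strong style=\"color: #F00;\">\"" . esc_html($matches[1]) . "\"</strong>.",
                                     'data' => array(
                                         'file' => $file,
@@ -194,6 +194,5 @@
                                         'canFix' => false,
                                         'canDelete' => true
-                                    )
-                                    ));
+                                    )));
                                 break;
                             }
@@ -207,6 +206,6 @@
                                     'ignoreP' => $this->path . $file,
                                     'ignoreC' => $fileSum,
-                                    'shortMsg' => "This file may contain malicious executable code: " . $this->path . $file,
-                                    'longMsg' => "This file is a PHP executable file and contains an " . $this->patterns['word1'] . " function and " . $this->patterns['word2'] . " decoding function on the same line. This is a common technique used by hackers to hide and execute code. If you know about this file you can choose to ignore it to exclude it from future scans.",
+                                    'shortMsg' => "This file may contain malicious executable code: " . esc_html($this->path . $file),
+                                    'longMsg' => "This file is a PHP executable file and contains an " . esc_html($this->patterns['word1']) . " function and " . esc_html($this->patterns['word2']) . " decoding function on the same line. This is a common technique used by hackers to hide and execute code. If you know about this file you can choose to ignore it to exclude it from future scans.",
                                     'data' => array(
                                         'file' => $file,
@@ -215,5 +214,5 @@
                                         'canDelete' => true
                                     )
-                                    ));
+                                ));
                                 break;
                             }
@@ -236,6 +235,6 @@
                                         'ignoreP' => $this->path . $file,
                                         'ignoreC' => $fileSum,
-                                        'shortMsg' => "This file may contain malicious executable code: " . $this->path . $file,
-                                        'longMsg' => "This file is a PHP executable file and contains the word 'eval' (without quotes) and the word '" . $badStringFound . "' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.",
+                                        'shortMsg' => "This file may contain malicious executable code: " . esc_html($this->path . $file),
+                                        'longMsg' => "This file is a PHP executable file and contains the word 'eval' (without quotes) and the word '" . esc_html($badStringFound) . "' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.",
                                         'data' => array(
                                             'file' => $file,
@@ -244,5 +243,5 @@
                                             'canDelete' => true
                                         )
-                                        ));
+                                    ));
                                     break;
                                 }
@@ -291,6 +290,6 @@
                             'ignoreP' => $this->path . $file,
                             'ignoreC' => md5_file($this->path . $file),
-                            'shortMsg' => "File contains suspected malware URL: " . $this->path . $file,
-                            'longMsg' => "This file contains a suspected malware URL listed on Google's list of malware sites. Wordfence decodes " . $this->patterns['word3'] . " when scanning files so the URL may not be visible if you view this file. The URL is: " . $result['URL'] . " - More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($result['URL']) . "&client=googlechrome&hl=en-US\" target=\"_blank\">Google Safe Browsing diagnostic page</a>.",
+                            'shortMsg' => "File contains suspected malware URL: " . esc_html($this->path . $file),
+                            'longMsg' => "This file contains a suspected malware URL listed on Google's list of malware sites. Wordfence decodes " . esc_html($this->patterns['word3']) . " when scanning files so the URL may not be visible if you view this file. The URL is: " . esc_html($result['URL']) . " - More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($result['URL']) . "&client=googlechrome&hl=en-US\" target=\"_blank\">Google Safe Browsing diagnostic page</a>.",
                             'data' => array(
                                 'file' => $file,
@@ -300,6 +299,6 @@
                                 'canDelete' => true,
                                 'gsb' => 'goog-malware-shavar'
-                                )
-                            ));
+                            )
+                        ));
                     }
                 } else if($result['badList'] == 'googpub-phish-shavar'){
@@ -310,6 +309,6 @@
                             'ignoreP' => $this->path . $file,
                             'ignoreC' => md5_file($this->path . $file),
-                            'shortMsg' => "File contains suspected phishing URL: " . $this->path . $file,
-                            'longMsg' => "This file contains a URL that is a suspected phishing site that is currently listed on Google's list of known phishing sites. The URL is: " . $result['URL'],
+                            'shortMsg' => "File contains suspected phishing URL: " . esc_html($this->path . $file),
+                            'longMsg' => "This file contains a URL that is a suspected phishing site that is currently listed on Google's list of known phishing sites. The URL is: " . esc_html($result['URL']),
                             'data' => array(
                                 'file' => $file,
@@ -319,6 +318,6 @@
                                 'canDelete' => true,
                                 'gsb' => 'googpub-phish-shavar'
-                                )
-                            ));
+                            )
+                        ));
                     }
                 }
@@ -387,6 +386,6 @@
                     'ignoreP'  => "{$db->prefix()}option.{$row['option_name']}",
                     'ignoreC'  => md5($row['option_value']),
-                    'shortMsg' => "This option may contain malicious executable code: {$row['option_name']}",
-                    'longMsg'  => "This option appears to be inserted by a hacker to perform malicious activity. If you know about this option you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: <strong style=\"color: #F00;\">\"{$matches[1]}\"</strong>.",
+                    'shortMsg' => "This option may contain malicious executable code: " . esc_html($row['option_name']),
+                    'longMsg'  => "This option appears to be inserted by a hacker to perform malicious activity. If you know about this option you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: <strong style=\"color: #F00;\">\"" . esc_html($matches[1]). "\"</strong>.",
                     'data'     => array(
                         'option_name' => $row['option_name'],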
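Review bot: `esc_html($matches[1])` is the right escaping for the `<strong>` body, but the captured text comes from an arbitrary file or option value and need not be valid UTF-8; WordPress's esc_html() is built on htmlspecialchars(), which returns an empty string for invalid input under the flags core passes, so the "text we found" could render blank for exactly the most obfuscated hits — worth checking, and a `wp_check_invalid_utf8()` pass or a byte-length cap before escaping would make the output predictable. The `'file' => $file` entries under `data` are still stored raw, which is fine only if whatever renders `data` (not visible here) escapes it itself. The enclosing scan method begins and ends outside these hunks.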
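--- a/wordfence/tags/6.0.22/readme.txt
+++ b/wordfence/tags/6.0.22/readme.txt
@@ -3,6 +3,6 @@
 Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching, IPv6, IP version 6
 Requires at least: 3.9
-Tested up to: 4.3.1
-Stable tag: 6.0.21
+Tested up to: 4.4
+Stable tag: 6.0.22
 
 The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware.
@@ -184,6 +184,10 @@
 == Changelog ==
 
+= 6.0.22 =
+* Security Fix: Fixed stored XSS vulnerability discovered internally (thanks to Matt Rusnak).
+* Enhancement: Added additional Sucuri scanner IP to our whitelist.
+
 = 6.0.21 =
-* Enhancement: Added better handling of Googlebot verification. 
+* Enhancement: Added better handling of Googlebot verification.
 
 = 6.0.20 =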
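--- a/wordfence/tags/6.0.22/wordfence.php
+++ b/wordfence/tags/6.0.22/wordfence.php
@@ -5,5 +5,5 @@
 Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
 Author: Wordfence
-Version: 6.0.21
+Version: 6.0.22
 Author URI: http://www.wordfence.com/
 */
@@ -11,5 +11,5 @@
     return;
 }
-define('WORDFENCE_VERSION', '6.0.21');
+define('WORDFENCE_VERSION', '6.0.22');
 if(get_option('wordfenceActivated') != 1){
     add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error',  ob_get_contents()); }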
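--- a/wordfence/trunk/lib/wfIssues.php
+++ b/wordfence/trunk/lib/wfIssues.php
@@ -158,4 +158,5 @@
             $i['data'] = unserialize($i['data']);
             $i['timeAgo'] = wfUtils::makeTimeAgo(time() - $i['time']);
+            $i['longMsg'] = wp_kses($i['longMsg'], 'post');
             if($i['status'] == 'new'){
                 $ret['new'][] = $i;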
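Review bot: `wp_kses($i['longMsg'], 'post')` admits the whole post-content tag set, while the only markup any longMsg in this changeset carries is `<a href target>` and `<strong style>`; an explicit allow-list such as `wp_kses($i['longMsg'], array('a' => array('href' => true, 'target' => true), 'strong' => array('style' => true)))` turns the intended output into a least-privilege contract instead of whatever the 'post' context happens to permit in a given core release. If issue producers outside this changeset emit other markup, that is the place to extend the list deliberately. The enclosing function starts and ends outside the hunk.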
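--- a/wordfence/trunk/lib/wfLog.php
+++ b/wordfence/trunk/lib/wfLog.php
@@ -179,5 +179,5 @@
         }
         //These belong to sucuri's scanning servers which will get blocked by Wordfence as a false positive if you try a scan. So we whitelisted them.
-        $externalWhite = array('97.74.127.171', '69.164.203.172', '173.230.128.135', '66.228.34.49', '66.228.40.185', '50.116.36.92', '50.116.36.93', '50.116.3.171', '198.58.96.212', '50.116.63.221', '192.155.92.112', '192.81.128.31', '198.58.106.244', '192.155.95.139', '23.239.9.227', '198.58.112.103', '192.155.94.43', '162.216.16.33', '173.255.233.124', '173.255.233.124', '192.155.90.179', '50.116.41.217', '192.81.129.227', '198.58.111.80');
+        $externalWhite = array('97.74.127.171', '69.164.203.172', '173.230.128.135', '66.228.34.49', '66.228.40.185', '50.116.36.92', '50.116.36.93', '50.116.3.171', '198.58.96.212', '50.116.63.221', '192.155.92.112', '192.81.128.31', '198.58.106.244', '192.155.95.139', '23.239.9.227', '198.58.112.103', '192.155.94.43', '162.216.16.33', '173.255.233.124', '173.255.233.124', '192.155.90.179', '50.116.41.217', '192.81.129.227', '198.58.111.80', '162.216.19.183');
         if (in_array($IP, $externalWhite)) {
             return true;
@@ -220,5 +220,5 @@
 
         // These belong to sucuri's scanning servers which will get blocked by Wordfence as a false positive if you try a scan. So we whitelisted them.
-        $white_listed_ips = array_merge($white_listed_ips, array_map(array('wfUtils', 'inet_pton'), array('97.74.127.171', '69.164.203.172', '173.230.128.135', '66.228.34.49', '66.228.40.185', '50.116.36.92', '50.116.36.93', '50.116.3.171', '198.58.96.212', '50.116.63.221', '192.155.92.112', '192.81.128.31', '198.58.106.244', '192.155.95.139', '23.239.9.227', '198.58.112.103', '192.155.94.43', '162.216.16.33', '173.255.233.124', '173.255.233.124', '192.155.90.179', '50.116.41.217', '192.81.129.227', '198.58.111.80')));
+        $white_listed_ips = array_merge($white_listed_ips, array_map(array('wfUtils', 'inet_pton'), array('97.74.127.171', '69.164.203.172', '173.230.128.135', '66.228.34.49', '66.228.40.185', '50.116.36.92', '50.116.36.93', '50.116.3.171', '198.58.96.212', '50.116.63.221', '192.155.92.112', '192.81.128.31', '198.58.106.244', '192.155.95.139', '23.239.9.227', '198.58.112.103', '192.155.94.43', '162.216.16.33', '173.255.233.124', '173.255.233.124', '192.155.90.179', '50.116.41.217', '192.81.129.227', '198.58.111.80', '162.216.19.183')));
 
         if ($user_whitelisted === null) {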
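Review bot: Every entry here is a hard-coded third-party hosting address that is exempted from blocking for as long as it stays in the list; if one of them is ever released by the provider and picked up by someone else, the plugin keeps trusting it, and the bare array gives a later maintainer no way to tell when or why each address was added. A provenance comment per batch, e.g. `// 2015-12: added at Sucuri's request`, plus a periodic re-verification of the list would make it auditable. On the `if (in_array($IP, $externalWhite))` line, `in_array($IP, $externalWhite, true)` is the stricter form since both sides are strings. The two enclosing functions start and end outside their hunks.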
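--- a/wordfence/trunk/lib/wfScanEngine.php
+++ b/wordfence/trunk/lib/wfScanEngine.php
@@ -466,9 +466,9 @@
             foreach($hresults as $result){
                 if($result['badList'] == 'goog-malware-shavar'){
-                    $shortMsg = "$uctype contains a suspected malware URL: " . $this->scanData[$idString]['title'];
-                    $longMsg = "This $type contains a suspected malware URL listed on Google's list of malware sites. The URL is: " . $result['URL'] . " - More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($result['URL']) . "&client=googlechrome&hl=en-US\" target=\"_blank\">Google Safe Browsing diagnostic page</a>.";
+                    $shortMsg = "$uctype contains a suspected malware URL: " . esc_html($this->scanData[$idString]['title']);
+                    $longMsg = "This $type contains a suspected malware URL listed on Google's list of malware sites. The URL is: " . esc_html($result['URL']) . " - More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($result['URL']) . "&client=googlechrome&hl=en-US\" target=\"_blank\">Google Safe Browsing diagnostic page</a>.";
                 } else if($result['badList'] == 'googpub-phish-shavar'){
-                    $shortMsg = "$uctype contains a suspected phishing site URL: " . $this->scanData[$idString]['title'];
-                    $longMsg = "This $type contains a URL that is a suspected phishing site that is currently listed on Google's list of known phishing sites. The URL is: " . $result['URL'];
+                    $shortMsg = "$uctype contains a suspected phishing site URL: " . esc_html($this->scanData[$idString]['title']);
+                    $longMsg = "This $type contains a URL that is a suspected phishing site that is currently listed on Google's list of known phishing sites. The URL is: " . esc_html($result['URL']);
                 } else {
                     //A list type that may be new and the plugin has not been upgraded yet.
@@ -559,9 +559,9 @@
             foreach($hresults as $result){
                 if($result['badList'] == 'goog-malware-shavar'){
-                    $shortMsg = "$uctype with author " . $this->scanData[$idString]['author'] . " contains a suspected malware URL.";
-                    $longMsg = "This $type contains a suspected malware URL listed on Google's list of malware sites. The URL is: " . $result['URL'] . " - More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($result['URL']) . "&client=googlechrome&hl=en-US\" target=\"_blank\">Google Safe Browsing diagnostic page</a>.";
+                    $shortMsg = "$uctype with author " . esc_html($this->scanData[$idString]['author']) . " contains a suspected malware URL.";
+                    $longMsg = "This $type contains a suspected malware URL listed on Google's list of malware sites. The URL is: " . esc_html($result['URL']) . " - More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($result['URL']) . "&client=googlechrome&hl=en-US\" target=\"_blank\">Google Safe Browsing diagnostic page</a>.";
                 } else if($result['badList'] == 'googpub-phish-shavar'){
                     $shortMsg = "$uctype contains a suspected phishing site URL.";
-                    $longMsg = "This $type contains a URL that is a suspected phishing site that is currently listed on Google's list of known phishing sites. The URL is: " . $result['URL'];
+                    $longMsg = "This $type contains a URL that is a suspected phishing site that is currently listed on Google's list of known phishing sites. The URL is: " . esc_html($result['URL']);
                 } else {
                     //A list type that may be new and the plugin has not been upgraded yet.
@@ -720,10 +720,10 @@
         $highCap = $this->highestCap($userDat->wp_capabilities);
         if($this->isEditor($userDat->wp_capabilities)){
-            $shortMsg = "User \"" . $userDat->user_login . "\" with \"" . $highCap . "\" access has an easy password.";
-            $longMsg = "A user with the a role of '" . $highCap . "' has a password that is easy to guess. Please change this password yourself or ask the user to change it.";
+            $shortMsg = "User \"" . esc_html($userDat->user_login) . "\" with \"" . esc_html($highCap) . "\" access has an easy password.";
+            $longMsg = "A user with the a role of '" . esc_html($highCap) . "' has a password that is easy to guess. Please change this password yourself or ask the user to change it.";
             $level = 1;
             $words = $this->dictWords;
         } else {
-            $shortMsg = "User \"" . $userDat->user_login . "\" with 'subscriber' access has a very easy password.";
+            $shortMsg = "User \"" . esc_html($userDat->user_login) . "\" with 'subscriber' access has a very easy password.";
             $longMsg = "A user with 'subscriber' access has a password that is very easy to guess. Please either change it or ask the user to change their password.";
             $level = 2;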
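Review bot: The same Safe Browsing sentence — escaped URL, `urlencode()`d href, literal `<a target="_blank">` — is now spelled out by hand in two longMsg lines here and a third in wordfenceScanner.php in this changeset, so the escaping rules for that fragment live in three places. A small helper that takes the raw URL and returns the finished fragment, e.g. `wfUtils::gsbDiagnosticLink($result['URL'])`, would let each call site read `"… The URL is: " . wfUtils::gsbDiagnosticLink($result['URL'])` and keep esc_html()/urlencode() written once. The enclosing methods begin and end outside these hunks.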
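--- a/wordfence/trunk/lib/wordfenceConstants.php
+++ b/wordfence/trunk/lib/wordfenceConstants.php
@@ -1,4 +1,4 @@
 <?php
-define('WORDFENCE_API_VERSION', '2.19');
+define('WORDFENCE_API_VERSION', '2.20');
 define('WORDFENCE_API_URL_SEC', 'https://noc1.wordfence.com/');
 define('WORDFENCE_API_URL_NONSEC', 'http://noc1.wordfence.com/');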
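--- a/wordfence/trunk/lib/wordfenceScanner.php
+++ b/wordfence/trunk/lib/wordfenceScanner.php
@@ -187,6 +187,6 @@
                                     'ignoreP' => $this->path . $file,
                                     'ignoreC' => $fileSum,
-                                    'shortMsg' => "File appears to be malicious: " . $file,
-                                    'longMsg' => "This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: <strong style=\"color: #F00;\">\"" . $matches[1] . "\"</strong>.",
+                                    'shortMsg' => "File appears to be malicious: " . esc_html($file),
+                                    'longMsg' => "This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: <strong style=\"color: #F00;\">\"" . esc_html($matches[1]) . "\"</strong>.",
                                     'data' => array(
                                         'file' => $file,
@@ -194,6 +194,5 @@
                                         'canFix' => false,
                                         'canDelete' => true
-                                    )
-                                    ));
+                                    )));
                                 break;
                             }
@@ -207,6 +206,6 @@
                                     'ignoreP' => $this->path . $file,
                                     'ignoreC' => $fileSum,
-                                    'shortMsg' => "This file may contain malicious executable code: " . $this->path . $file,
-                                    'longMsg' => "This file is a PHP executable file and contains an " . $this->patterns['word1'] . " function and " . $this->patterns['word2'] . " decoding function on the same line. This is a common technique used by hackers to hide and execute code. If you know about this file you can choose to ignore it to exclude it from future scans.",
+                                    'shortMsg' => "This file may contain malicious executable code: " . esc_html($this->path . $file),
+                                    'longMsg' => "This file is a PHP executable file and contains an " . esc_html($this->patterns['word1']) . " function and " . esc_html($this->patterns['word2']) . " decoding function on the same line. This is a common technique used by hackers to hide and execute code. If you know about this file you can choose to ignore it to exclude it from future scans.",
                                     'data' => array(
                                         'file' => $file,
@@ -215,5 +214,5 @@
                                         'canDelete' => true
                                     )
-                                    ));
+                                ));
                                 break;
                             }
@@ -236,6 +235,6 @@
                                         'ignoreP' => $this->path . $file,
                                         'ignoreC' => $fileSum,
-                                        'shortMsg' => "This file may contain malicious executable code: " . $this->path . $file,
-                                        'longMsg' => "This file is a PHP executable file and contains the word 'eval' (without quotes) and the word '" . $badStringFound . "' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.",
+                                        'shortMsg' => "This file may contain malicious executable code: " . esc_html($this->path . $file),
+                                        'longMsg' => "This file is a PHP executable file and contains the word 'eval' (without quotes) and the word '" . esc_html($badStringFound) . "' (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.",
                                         'data' => array(
                                             'file' => $file,
@@ -244,5 +243,5 @@
                                             'canDelete' => true
                                         )
-                                        ));
+                                    ));
                                     break;
                                 }
@@ -291,6 +290,6 @@
                             'ignoreP' => $this->path . $file,
                             'ignoreC' => md5_file($this->path . $file),
-                            'shortMsg' => "File contains suspected malware URL: " . $this->path . $file,
-                            'longMsg' => "This file contains a suspected malware URL listed on Google's list of malware sites. Wordfence decodes " . $this->patterns['word3'] . " when scanning files so the URL may not be visible if you view this file. The URL is: " . $result['URL'] . " - More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($result['URL']) . "&client=googlechrome&hl=en-US\" target=\"_blank\">Google Safe Browsing diagnostic page</a>.",
+                            'shortMsg' => "File contains suspected malware URL: " . esc_html($this->path . $file),
+                            'longMsg' => "This file contains a suspected malware URL listed on Google's list of malware sites. Wordfence decodes " . esc_html($this->patterns['word3']) . " when scanning files so the URL may not be visible if you view this file. The URL is: " . esc_html($result['URL']) . " - More info available at <a href=\"http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=" . urlencode($result['URL']) . "&client=googlechrome&hl=en-US\" target=\"_blank\">Google Safe Browsing diagnostic page</a>.",
                             'data' => array(
                                 'file' => $file,
@@ -300,6 +299,6 @@
                                 'canDelete' => true,
                                 'gsb' => 'goog-malware-shavar'
-                                )
-                            ));
+                            )
+                        ));
                     }
                 } else if($result['badList'] == 'googpub-phish-shavar'){
@@ -310,6 +309,6 @@
                             'ignoreP' => $this->path . $file,
                             'ignoreC' => md5_file($this->path . $file),
-                            'shortMsg' => "File contains suspected phishing URL: " . $this->path . $file,
-                            'longMsg' => "This file contains a URL that is a suspected phishing site that is currently listed on Google's list of known phishing sites. The URL is: " . $result['URL'],
+                            'shortMsg' => "File contains suspected phishing URL: " . esc_html($this->path . $file),
+                            'longMsg' => "This file contains a URL that is a suspected phishing site that is currently listed on Google's list of known phishing sites. The URL is: " . esc_html($result['URL']),
                             'data' => array(
                                 'file' => $file,
@@ -319,6 +318,6 @@
                                 'canDelete' => true,
                                 'gsb' => 'googpub-phish-shavar'
-                                )
-                            ));
+                            )
+                        ));
                     }
                 }
@@ -387,6 +386,6 @@
                     'ignoreP'  => "{$db->prefix()}option.{$row['option_name']}",
                     'ignoreC'  => md5($row['option_value']),
-                    'shortMsg' => "This option may contain malicious executable code: {$row['option_name']}",
-                    'longMsg'  => "This option appears to be inserted by a hacker to perform malicious activity. If you know about this option you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: <strong style=\"color: #F00;\">\"{$matches[1]}\"</strong>.",
+                    'shortMsg' => "This option may contain malicious executable code: " . esc_html($row['option_name']),
+                    'longMsg'  => "This option appears to be inserted by a hacker to perform malicious activity. If you know about this option you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: <strong style=\"color: #F00;\">\"" . esc_html($matches[1]). "\"</strong>.",
                     'data'     => array(
                         'option_name' => $row['option_name'],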
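Review bot: The esc_html() calls on the new shortMsg/longMsg lines (first pair right after `'ignoreC' => $fileSum,`, last pair after `'ignoreC'  => md5($row['option_value']),`) encode the attacker-influenced values at the point the issue is created and stored rather than where it is rendered, so the stored message is now tied to an HTML context; if the same text is ever emitted elsewhere (a plain-text alert e-mail, or a consumer that escapes again on output) the `&quot;`/`&lt;` entities would show literally or be double-encoded. That is a reasonable trade for closing the stored XSS, but it should be written down, e.g. `// shortMsg/longMsg are stored pre-escaped for HTML; render as HTML, do not escape again` above the first addIssue() call. Since `$file`, `$matches[1]`, `$badStringFound` and `$result['URL']` all derive from the name or contents of a scanned file that an attacker may have written, any addIssue() call in this file or in sibling scanners that this changeset does not touch presumably needs the same treatment, and a tiny wrapper such as `private function issueText($s) { return esc_html($s); }` used at every site would make an omission stand out. Nit: `esc_html($matches[1]). "\"` in the option-scan hunk lacks the space before `.` that the other hunks use. The enclosing methods start and end outside the hunks.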
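--- a/wordfence/trunk/readme.txt
+++ b/wordfence/trunk/readme.txt
@@ -3,6 +3,6 @@
 Tags: wordpress, security, performance, speed, caching, cache, caching plugin, wordpress cache, wordpress caching, wordpress security, security plugin, secure, anti-virus, malware, firewall, antivirus, virus, google safe browsing, phishing, scrapers, hacking, wordfence, securty, secrity, secure, two factor, cellphone sign-in, cellphone signin, cellphone, twofactor, security, secure, htaccess, login, log, users, login alerts, lock, chmod, maintenance, plugin, private, privacy, protection, permissions, 503, base64, injection, code, encode, script, attack, hack, hackers, block, blocked, prevent, prevention, RFI, XSS, CRLF, CSRF, SQL Injection, vulnerability, website security, WordPress security, security log, logging, HTTP log, error log, login security, personal security, infrastructure security, firewall security, front-end security, web server security, proxy security, reverse proxy security, secure website, secure login, two factor security, maximum login security, heartbleed, heart bleed, heartbleed vulnerability, openssl vulnerability, nginx, litespeed, php5-fpm, woocommerce support, woocommerce caching, IPv6, IP version 6
 Requires at least: 3.9
-Tested up to: 4.3.1
-Stable tag: 6.0.21
+Tested up to: 4.4
+Stable tag: 6.0.22
 
 The Wordfence WordPress security plugin provides free enterprise-class WordPress security, protecting your website from hacks and malware.
@@ -184,6 +184,10 @@
 == Changelog ==
 
+= 6.0.22 =
+* Security Fix: Fixed stored XSS vulnerability discovered internally (thanks to Matt Rusnak).
+* Enhancement: Added additional Sucuri scanner IP to our whitelist.
+
 = 6.0.21 =
-* Enhancement: Added better handling of Googlebot verification.  
+* Enhancement: Added better handling of Googlebot verification.
 
 = 6.0.20 =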
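--- a/wordfence/trunk/wordfence.php
+++ b/wordfence/trunk/wordfence.php
@@ -5,5 +5,5 @@
 Description: Wordfence Security - Anti-virus, Firewall and High Speed Cache
 Author: Wordfence
-Version: 6.0.21
+Version: 6.0.22
 Author URI: http://www.wordfence.com/
 */
@@ -11,5 +11,5 @@
     return;
 }
-define('WORDFENCE_VERSION', '6.0.21');
+define('WORDFENCE_VERSION', '6.0.22');
 if(get_option('wordfenceActivated') != 1){
     add_action('activated_plugin','wordfence_save_activation_error'); function wordfence_save_activation_error(){ update_option('wf_plugin_act_error',  ob_get_contents()); }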