Личный опыт:

Уязвимость Product Table by WBW v.2.1.4 на 03-03-2025

меняются файлы:

/wp-content/plugins/woo-product-tables/modules/wootablepress/css/dt/responsive.dataTables.min.css и wp-content/plugins/woo-product-tables/modules/wootablepress/css/admin.tables.css — плагин удалил((

Вчера написал эту статью, а сегодня атаковали мои сайты

Лог ниже на скрине. Уязвимость по wp-includes/js/ известна с 2022года. Подробнее: https://1ps.ru/blog/sites/virus-soaksoak-atakuet-sajtyi-pod-upravleniem-cms-wordpress/ — Проверьте свои сайты сегодня, особенно если они работают без обновления с 2022года на WP.

В итоге с защитой сайт выстоял, а без неё и тот на который не заходил год, черновик сайта без защиты, слетел! (( Пойду восстанавливать из архива и добавлять защиты на него.

ВЫВОД: не оставляйте черновики сайтов долго на хостинге!

Каждую неделю выявляется более 100 уязвимостей в плагинах и темах.

Потому так часто выходят обновления… А если обновления не выходят более 6-12 месяцев, значит что то не так с разработчиком кода…. Не используйте такой плагин или тему.

Anti-Spam by CleanTalk — Известна на 30-10-2024. Уязвимость:

«Обход авторизации с помощью обратного DNS-спуфинга», установок: > 200 000, Источник ( wordfence.com/blog/2024/11/ )

Плагин с уязвимостью, который нашёл лично…

Лично, не выясняю причину взлома, восстанавливаю сайта из архива и ставлю более сильную защиту… Чищу кэши, куки, базу удаляю записи старые в базе блокирую пользователей, …..Все зависит от того как «сломался» сайт.

Сканеры и программы

«Айболит» — https://revisium.com/ai/

— сканер вирусов и вредоносных скриптов на хостинге, есть также Windows версия для проверки локальной копии файлов сайта.

LMD — https://www.rfxn.com/projects/linux-malware-detect/

— Linux Malware Detect — инструмент сканирования на вредоносный код в скриптах расчитанный в.т.ч. и на применение через системный cron

Яндекс Манул — https://github.com/antimalware/manul

— В настоящее время закрытый проект, до сих пор доступный на GitHub, возможно окажется полезным.

Плагины для защиты сайтов

WP Cerber

комбайн плагина безопасности и проверки целостности файлов сайта включая скрипты тем и плагинов использующий API wordpress.org, есть сканер сигнатур вредоносного кода.

Quettera

— сканер основаный на «облачной» проверке

GOTMLS

WordFence — Я использую с 2FA для аутентификации + reCAPTCHA v3

Sucuri

Сервисы проверки сайта

Осуществляют анализ страницы сайта на наличие вредоносного JavaScript кода, перенаправлений, скрытых ссылок, проверку нахождения сайта в черных списках

Уязвимые плагины за неделю с 18-11-2024 по 24-11-24, к примеру:

Software Name	Software Slug
404 Solution	404-solution
Absolute Addons For Elementor	absolute-addons
Activity Log – Monitor & Record User Changes	aryo-activity-log
Advanced Event Manager	advanced-event-manager
affiliate-toolkit – WP Affiliate Plugin with Amazon	affiliate-toolkit-starter
Ahmeti Wp Güzel Sözler	ahmeti-wp-guzel-sozler
AI Quiz \| Quiz Maker	ai-quiz
AI Responsive Gallery Album	ai-responsive-gallery-album
amr shortcodes	amr-shortcodes
Announcement & Notification Banner – Bulletin	bulletin-announcements
Anonymous Restricted Content	anonymous-restricted-content
April’s Call Posts	aprils-call-posts
AtaraPay WooCommerce Payment Gateway	atarapay-woocommerce
AutoListicle: Automatically Update Numbered List Articles	autolisticle-automatically-update-numbered-list-articles
Awesome Studio	awesome-studio
Banner System	banner-system
Bard Extra	bard-extra
Beds24 Online Booking	beds24-online-booking
Booster for WooCommerce	woocommerce-jetpack
Branda – Branda – White Label & Branding, Custom Login Page Customizer	branda-white-labeling
Button Block – Get fully customizable & multi-functional buttons	button-block
Buying Buddy IDX CRM	buying-buddy-idx-crm
Chameleoni Jobs	chameleon-jobs
Checkout with Cash App on WooCommerce	wc-cashapp
Chessgame Shizzle	chessgame-shizzle
Classified Listing – Classified ads & Business Directory Plugin	classified-listing
Clone	wp-clone-by-wp-academy
Co-marquage service-public.fr	co-marquage-service-public
Community by PeepSo – Download from PeepSo.com	peepso-core
Contact Form 7 Email Add on	cf7-email-add-on
Contact Page With Google Map	contact-page-with-google-map
Continue Shopping From Cart	continue-shopping-from-cart-page
Control horas	control-horas
Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes	security-force
Custom CSS, JS & PHP	custom-css
Custom Shortcode Sidebars	custom-shortcode-sidebars
de:branding	debranding
DeBounce Email Validator	debounce-io-email-validator
Dino Game – Embed Google Chrome Dinosaur Game in your website	dino-game
Distance Based Shipping Calculator	distance-based-shipping-calculator
Document & Data Automation	document-data-automation
Dynamic «To Top» Plugin	dynamic-to-top
Dynamic URL SEO	dynamic-url-seo
Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels	wpfunnels
Easy Liveblogs	easy-liveblogs
Easy Twitter Feed – Twitter feeds plugin for WP	easy-twitter-feeds
Elementor Portfolio Builder	portfolio-builder-elementor
Elfsight Telegram Chat CC	elfsight-telegram-chat-cc
Email Subscription Popup	email-subscribe
Enter Addons – Ultimate Template Builder for Elementor	enteraddons
Explara Events	explara-events
Extensions for Elementor	extensions-for-elementor
F4 Improvements	f4-improvements
Favicon My Blog	favicon-my-blog
Fediverse Embeds	fediverse-embeds
Fence URL wp-login.php	fence-url
Fintelligence Calculator	fintelligence-calculator
FireCask’s Twitter Follow Button	twitter-follow
FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider	fluent-smtp
Footer Flyout Widget	footer-flyout-widget
Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder	formidable
Friendly Functions for Welcart	friendly-functions-for-welcart
Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery	simply-gallery-block
GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress	gamipress
GD bbPress Attachments	gd-bbpress-attachments
GD Rating System	gd-rating-system
Generic Elements	generic-elements-for-elementor
Geolocator	geolocator
Getwid – Gutenberg Blocks	getwid
Google for WooCommerce	google-listings-and-ads
Google Plus Share and +1 Button	google-plus-share-and-plusone-button
GoQMieruca	goqmieruca
GoQSmile	goqsmile
Grey Owl Lightbox	grey-owl-lightbox
Grid View Gallery	grid-view-gallery
Gutenberg Blocks with AI by Kadence WP – Page Builder Features	kadence-blocks
HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents	hipaatizer
Hotlink2Watermark	hotlink2watermark
HTML5 Lyrics Karaoke Player	html5-lyrics-karaoke-player
HUSKY – Products Filter Professional for WooCommerce	woocommerce-products-filter
IceStats	icestats
Idealien Category Enhancements	idealien-category-enhancements
If-So Dynamic Content Personalization	if-so
Image horizontal reel scroll slideshow	image-horizontal-reel-scroll-slideshow
Image Optimizer, Resizer and CDN – Sirv	sirv
ImbaChat	imbachat-widget
Include Mastodon Feed	include-mastodon-feed
Increase Maximum Upload File Size \| Increase Execution Time	wp-maximum-upload-file-size
Infinite Slider	infinite-slider
iPhone Webclip Manager	iphone-webclip-manager
ITERAS	iteras
JobBoardWP – Job Board Listings and Submissions	jobboardwp
Kevin’s Plugin	kevins-plugin
LA-Studio Element Kit for Elementor	lastudio-element-kit
Lazy load videos and sticky control	lazy-load-videos-and-sticky-control
LeadBoxer	leadboxer
LeanPress	leanpress
LGPD Framework By Data443	lgpd-framework
Library Bookshelves	library-bookshelves
LinkLaunder SEO	linklaunder-seo-plugin
Lock User Account	lock-user-account
LSX Tour Operator	tour-operator
MailChimp Forms by MailMunch	mailchimp-forms-by-mailmunch
MailMunch – Grow your Email List	mailmunch
Memberlite Shortcodes	memberlite-shortcodes
Meteor Slides	meteor-slides
MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar	mp3-music-player-by-sonaar
MP3 Sticky Player	fwdmsp
MStore API – Create Native Android & iOS Apps On The Cloud	mstore-api
Multi Feed Reader	multi-feed-reader
My Contador lesr	my-contador-wp
nBlocks – Responsive Gutenberg News Blocks	nblocks
Office Locator	office-locator
Opal Woo Custom Product Variation	opal-woo-custom-product-variation
Open edX LMS and WordPress integrator (LITE)	edunext-openedx-integrator
Ortto	autopilot
Page Parts	page-parts
Parallax Image	parallax-image
Pathomation	pathomation
Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net	peachpay-for-woocommerce
PDF Invoices & Packing Slips Generator for WooCommerce	pdf-invoicing-for-woocommerce
Post By Email	post-by-email
Post Ideas	post-ideas
Premium Packages – Sell Digital Products Securely	wpdm-premium-packages
Pricing table addon for elementor	pricing-table-addon-for-elementor
Product Designer	product-designer
Product Table for WooCommerce by CodeAstrology (wooproducttable.com)	woo-product-table
ProfileGrid – User Profiles, Groups and Communities	profilegrid-user-profiles-groups-and-communities
Protect Your Content	protect-your-content
PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes	revisionary
Pure CSS Circle Progress bar	pure-css-circle-progress-bar
QRMenu Restaurant QR Menu Lite	qrmenu-lite
Quick Learn	quick-learn
Quotes llama	quotes-llama
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings	seo-by-rank-math
RealtyCandy IDX Broker Extended	realtycandy-idx-broker-extended
RecipePress Reloaded	recipepress-reloaded
Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation	get-a-quote-button-for-woocommerce
Rescue Shortcodes	rescue-shortcodes
Restaurant Menu – Food Ordering System – Table Reservation	menu-ordering-reservations
Run Contests, Raffles, and Giveaways with ContestsWP	contest-code-checker
salavat counter Plugin	salavat-counter
Save as PDF Plugin by Pdfcrowd	save-as-pdf-by-pdfcrowd
School Management System for WordPress	school-management
Shine PDF Embeder	shine-pdf
Shopready – Elementor addons for WooCommerce Page Builder	shopready-elementor-addon
Silverlight Video Player	smooth-streaming-player
Simple Membership	simple-membership
Simple Travel Map	simple-travel-map
Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery)	sky-elementor-addons
Slick Sitemap	slick-sitemap
Slotti Ajanvaraus	slotti-ajanvaraus
Social Login	oa-social-login
SP Blog Designer	sp-blog-designer
Sticky Social Icons	sticky-social-icons
Stratum – Elementor Widgets	stratum
StreamWeasels Online Status Bar	stream-status-for-twitch
Subaccounts for WooCommerce	subaccounts-for-woocommerce
SuevaFree Essential Kit	suevafree-essential-kit
Sugar Calendar – Event Calendar, Event Tickets, and Event Management Platform	sugar-calendar-lite
SVG Block	svg-block
Tailored Tools	tailored-tools
Team Rosters	team-rosters
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce	the-plus-addons-for-elementor-page-builder
Theater for WordPress	theatre
Theme Builder For Elementor	theme-builder-for-elementor
TM Islamic Helper	tm-islamic-helper
Tribute Testimonials – WordPress Testimonial Grid/Slider	tribute-testimonial-gridslider
Tutor LMS – eLearning and online course solution	tutor
Ultimate Classified Listings	ultimate-classified-listings
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	ultimate-member
Ultimate YouTube Video & Shorts Player With Vimeo	ultimate-youtube-video-player
UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode)	ultraaddons-elementor-lite
User registration & user profile – UserPlus	userplus
Wawp OTP Verification, Order Notifications, and Country Code Selector for WooCommerce	automation-web-platform
Wc Recently viewed products	wc-recently-viewed-products
Weather Atlas Widget	weather-atlas
What Would Seth Godin Do	what-would-seth-godin-do
WIP Incoming Lite	wip-incoming-lite
Wishlist for WooCommerce: Multi Wishlists Per Customer PRO	wish-list-for-woocommerce-pro
WooCommerce Price Alert	price-alert-woocommerce
WooCommerce Product Table Lite	wc-product-table-lite
WordPress Bootscraper	wp-bootscraper
WordPress Brute Force Protection – Stop Brute Force Attacks	guardgiant
wp auto top	wp-auto-top
WP e-Commerce Style Email	wp-e-commerce-style-email
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts	wedevs-project-manager
WP Travel Engine – Tour Booking Plugin – Tour Operator Software	wp-travel-engine
WP User Manager – User Profile Builder & Membership	wp-user-manager
WP-ISPConfig 3	wp-ispconfig3
WP-Orphanage Extended	wp-orphanage-extended
WPAdverts – Classifieds Plugin	wpadverts
WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup	wpb-popup-for-contact-form-7
WPBakery Visual Composer WHMCS Elements	void-visual-whmcs-element
WPDash Notes	wpdash-notes
WPGYM — WordPress Gym Management System	gym-management
Xpresslane Fast Checkout	xpresslane-integration-for-woocommerce
Yaad Sarig Payment Gateway For WC	yaad-sarig-payment-gateway-for-wc
Youneeq Recommendations	youneeq-panel
yPHPlista	yphplista
Zajax – Ajax Navigation	zajax-ajax-navigation
Экспресс Платежи платежный модуль	express-pay
우커머스 네이버페이	mshop-npay
워드프레스 결제 심플페이 – 우커머스 결제 플러그인	pgall-for-woocommerce
코드엠샵 소셜톡	mshop-naver-talktalk