17 Jun 2024

Websites Used As Part of WordPress Hacking Campaign Running Behind Cloudflare

Last week, we looked at the unfixed vulnerability in a WordPress plugin being targeted by a hacking campaign. What was also captured by our firewall’s logging when exploit attempts were stopped was the malicious payload the attacker was attempting to load onto websites. The payload consisted of PHP code that would be placed in a new file with the .php extension on the website. The attacker could then request the URL for the file and the code in it would run. Something in the code stood out to us. The hacker is relying on two legitimate providers to support one element of the campaign. One is more notable than the other, as it is a security provider, Cloudflare. It isn’t the first time that has been true recently.

The Malicious Code

Here is the malicious code that was the payload of the exploit attempts, with some formatting done to make it more readable:

5 Feb 2024

WordPress Security Providers Falsely Claimed Cloudflare’s Plugin Contained Vulnerability

It would be rather notable if the 200,000+ install WordPress plugin from the security provider Cloudflare contained a vulnerability. And that was just the claim made recently by a couple of WordPress security providers. Here was one of them, Patchstack, describing the claimed vulnerability:

An unknown person discovered and reported this Sensitive Data Exposure vulnerability in WordPress CloudFlare Plugin. This vulnerability has been fixed in version 4.12.3.

30 Jan 2024

Cloudflare Only Added One Firewall Rule for a WordPress Plugin Vulnerability Last Year and It Was Eight Months Late

We recently ran across a WordPress support service that was making some extraordinary claims about their handling of security. They were not close to true, considering we were visiting their website to try to notify them that they had failed in an attempt to fix a vulnerability in a WordPress plugin they recently acquired. One thing they were touting was providing “Cloudflare’s robust firewall:”


5 Dec 2023

Security Provider CloudFlare Providing Service for Phishing Campaign Targeting WordPress Websites

A recent phishing campaign is targeting administrators of WordPress websites, trying to get them to install malicious code on websites. The phishing campaign was reported to be using the domain name en-gb-wordpress.org. The domain name servers for that belong to none other than security provider CloudFlare:

bingo.ns.cloudflare.com

25 May 2022

Cloudflare Isn’t Adding New Firewall Rules to Protect Against Vulnerabilities in WordPress Plugins

It isn’t hard to find people citing the Cloudflare service as a good security solution for WordPress websites. What is lacking is any of those people citing evidence that Cloudflare provides effective protection for WordPress websites. If it were an effective solution, you would expect Cloudflare to be the one disclosing zero-day vulnerabilities (vulnerabilities being exploited before the developer is aware of them) in WordPress plugins, as there are plenty of those to be caught. Last week, for example, we disclosed serious unfixed vulnerabilities we found in two plugins based on seeing what looked to be hacker probing for them. We are not aware of Cloudflare disclosing any of those in recent years.

In March, Cloudflare announced they were “providing a Cloudflare WAF (Web Application Firewall) Managed Ruleset to all Cloudflare plans, free of charge”. In their announcement, they singled out including rules for WordPress in that:

20 Mar 2017

WordPress Plugin Security Review: Cloudflare

For our sixth security review of a plugin based on the voting of our customers (we are still waiting to release the results of the fifth until after the developer has a chance to fix the most serious issue found), we reviewed the plugin Cloudflare.

If you are not yet a customer of the service, you can currently try it free for your first month and then start suggesting and voting on plugins to get security reviews after your first payment for the service. For those already using the service who haven’t already suggested and voted for plugins, you can start doing that here.

4 Apr 2016

When Full Disclosure of a Claimed WordPress Plugin Vulnerability Leads To A Bigger Problem

When it comes to disclosing security vulnerabilities, a major issue is when the vulnerability should be disclosed. On one side is full disclosure, which involves disclosing it as soon as possible, including before the vulnerability has been fixed. On the other side is responsible disclosure, which involves disclosing a vulnerability in a coordinated manner sometime after it has been fixed. Both have issues worth discussing, but in this post we will focus on one example of what can go wrong when a claimed vulnerability in a WordPress plugin is disclosed without giving the developer prior notification.

On March 28 a report claiming there was a cross-site scripting (XSS) vulnerability in the CloudFlare plugin was released. We say claimed because in normal circumstances this would not be a vulnerability. While the report describes the threat as: