In our effort to continue to look for new ways to help better protect our customers from vulnerabilities in WordPress plugins we recently went looking to see if there was any value to looking at failed requests for files in the /wp-content/uploads/ directories in our websites to gather data on vulnerabilities we are not already aware of. After going through hundreds of requests from the past few months what we had found was nothing we didn’t already know, while there were lots of requests for files that would have been added through arbitrary file upload vulnerabilities in plugins, these were all vulnerabilities we already knew about, many of them which we had been the ones that discovered they were being exploited through other means in the past (hackers fairly continually try to exploit a few vulnerabilities).

Shortly after that though we had a different type of request show up. The request was for a file that would be at /wp-content/uploads/woocommerce-order-export.csv.txt. From the name that would seem to be a file that would contain order data from WooCommerce. When we went to look for what the source of that might be we found what might explain the request, a module for a claimed security scanner named “SVScanner – Scanner Vulnerability And MaSsive Exploit.” That doesn’t give any indication of a source of the file or if the people behind it are even aware of the source. [Read more]