Improper IP Verification in WordPress and Arbitrary Directory Traversal Vulnerability in Plugin Update Module

Published: 2016-09-19 | Modified: 2017-06-21

Recently Alibaba Cloud has kept sending SMS notifications about vulnerabilities on my website. To view the details and fix them through the Cloud Shield console, you have to upgrade to the professional version of Cloud Shield. How can ordinary users afford the professional version? With no other option, we can only look for solutions online.

WordPress IP Validation Vulnerability

Vulnerability description: The wp_http_validate_url function in /wp-includes/http.php does not validate IP addresses strictly enough. An attacker can bypass the private-address check with a malformed IP address such as 012.10.10.10 and use the site to perform SSRF attacks.

Fix: Open /wp-includes/http.php and find, around line 465:

$same_host = strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] );

Change it to:

if ( isset( $parsed_home['host'] ) ) {
    $same_host = ( strtolower( $parsed_home['host'] ) === strtolower( $parsed_url['host'] ) || 'localhost' === strtolower( $parsed_url['host'] ) );
} else {
    $same_host = false;
}

Around line 478, find:

if ( 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0]

Modify it to:

if ( 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0]  || 0 === $parts[0]
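As an added illustration (not WordPress core or Alibaba Cloud code), the PHP below contrasts an intval()-based octet check of the kind shown above with a canonical dotted-quad check that rejects the malformed form; the function names are assumptions made for this example.

```php
<?php
// Added example, not WordPress core code. Shows why an intval()-based octet
// check lets "012.10.10.10" through and how a canonical-form check catches it.

// Lenient check modelled on the private-range test near line 478 of
// /wp-includes/http.php. intval('012') is 12, so 012.10.10.10 is classed as
// public, although many resolvers (glibc inet_aton among them) read a
// leading-zero octet as octal (012 == 10), so the request reaches 10.10.10.10.
function is_private_lenient( $ip ) {
    $parts = array_map( 'intval', explode( '.', $ip ) );
    return 127 === $parts[0] || 10 === $parts[0] || 0 === $parts[0]
        || ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] )
        || ( 192 === $parts[0] && 168 === $parts[1] );
}

// Only accept a dotted quad written in canonical decimal form: exactly four
// octets, each 0-255, no leading zeros. "012.10.10.10" fails this test.
function is_canonical_ipv4( $host ) {
    $octet = '([1-9]?\d|1\d\d|2[0-4]\d|25[0-5])';
    return 1 === preg_match( '#^(' . $octet . '\.){3}' . $octet . '$#', $host );
}

// Hardened decision (hypothetical helper): a literal host must be in
// canonical form before the range check is trusted; anything else is refused.
function is_safe_literal_host( $host ) {
    if ( ! is_canonical_ipv4( $host ) ) {
        return false;
    }
    return ! is_private_lenient( $host );
}

// Constructed sample inputs: a public address, two private ones, and the
// malformed octal-looking address from the vulnerability description.
foreach ( array( '93.184.216.34', '10.10.10.10', '012.10.10.10', '127.0.0.1' ) as $host ) {
    printf(
        "%-14s lenient: %-7s strict: %s\n",
        $host,
        is_private_lenient( $host ) ? 'blocked' : 'allowed',
        is_safe_literal_host( $host ) ? 'allowed' : 'blocked'
    );
}
```

Run it with the PHP CLI; the 012.10.10.10 row is the one where the lenient check says "allowed" while the strict check says "blocked".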

WordPress Backend Plugin Update Module Arbitrary Directory Traversal DoS Vulnerability

Vulnerability description: In /wp-admin/includes/ajax-actions.php, the plugin request parameter (the plugin file path) is neither normalized nor escaped before use, so an attacker can submit a specially crafted path and cause a denial of service.

Fix: Open /wp-admin/includes/ajax-actions.php and find, around line 2890:

$plugin = urldecode( $_POST['plugin'] );

Add:

$plugin = plugin_basename( sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) );

Finally, re-check the vulnerabilities in the Alibaba Cloud Shield console. Reference document: 阿里云主机wordpress漏洞官方修复方案汇总 (Official fix summary for WordPress vulnerabilities on Alibaba Cloud hosts)
