File: /home/yigjocmo/public_html/wp-content/nfwlog/dropins.php
<?php // NinjaFirewall's drop-in rules ~ Do not delete this file!
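// Direct access guard: the engine defines NFW_ENGINE_VERSION before it loads drop-ins.
if (! defined( 'NFW_ENGINE_VERSION' ) ) { die( 'Forbidden' ); }
// WP-CLI invocations carry no HTTP request to inspect.
if (defined('WP_CLI') && WP_CLI ) { return; }

// All rules below apply to non-super-admin requests only. Each rule that
// matches calls nfw_dropin_block(), which logs and ends the request, so the
// first matching rule wins and the order of the checks is significant.
// Locals are prefixed `nfw_` because this file runs in WordPress' global
// scope and an unprefixed name (e.g. `$res`) would clobber a global.
if (! is_super_admin() ) {

	if ( isset( $_REQUEST['action'] ) && is_string( $_REQUEST['action'] ) ) {
		$nfw_action = $_REQUEST['action'];

		// Rule 1642: library.load.image asked for an id ending in .php.
		// Every string leaf of the id is checked so an array-shaped id cannot
		// slip past the rule (or raise a TypeError in preg_match on PHP 8).
		if ( $nfw_action === 'rs_ajax_action'
			&& isset( $_POST['client_action'] ) && $_POST['client_action'] === 'library.load.image'
			&& isset( $_POST['data'][0]['id'] ) ) {
			foreach ( nfw_dropin_strings( $_POST['data'][0]['id'] ) as $nfw_id ) {
				if ( preg_match('/\.php$/', $nfw_id ) ) {
					nfw_dropin_block("REQUEST:action = library.load.image, File = {$nfw_id}", 3, 1642);
				}
			}
		}

		// Uploads via wpr_addons_upload_file. Rule 1630 looks for executable
		// extensions in the name as WordPress would store it; rule 1636 then
		// requires one of the expected media/document extensions. Both rules
		// were separate `if`s in the original; they are adjacent here because
		// no other action-keyed rule can fire on the same request in between.
		// Array uploads (`uploaded_file[]`) are checked entry by entry.
		if ( $nfw_action === 'wpr_addons_upload_file' ) {
			$nfw_names = nfw_dropin_upload_names( 'uploaded_file' );
			foreach ( $nfw_names as $nfw_name ) {
				$nfw_res = strtolower( wp_unique_filename( __DIR__, $nfw_name ) );
				if ( preg_match('/\.(?:ph(?:p([34x7]|5\d?)?|t(ml)?|ar)|html?)\b/', $nfw_res ) ) {
					nfw_dropin_block("REQUEST:action = wpr_addons_upload_file, File = {$nfw_name}", 3, 1630);
				}
			}
			foreach ( $nfw_names as $nfw_name ) {
				if (! preg_match('/\.(?:jpe?g|png|gif|pdf|docx?|pptx?|odt|avi|ogg|m4a|mov|mp3|mp4|mpg|wav|wmv|txt)$/', $nfw_name ) ) {
					nfw_dropin_block("REQUEST:uploaded_file = {$nfw_name}", 3, 1636);
				}
			}
		}

		// Rule 1631: uploads via dnd_codedropz_upload whose stored name would be
		// an .htaccess/.htpasswd, php.ini/.user.ini or executable-extension file.
		if ( $nfw_action === 'dnd_codedropz_upload' ) {
			foreach ( nfw_dropin_upload_names( 'upload-file' ) as $nfw_name ) {
				$nfw_res = strtolower( wp_unique_filename( __DIR__, $nfw_name ) );
				if ( preg_match('/\.ht(?:access|passwd)|(?:php\d?|\.user)\.ini|\.ph(?:p([34x7]|5\d?)?|t(ml)?|ar)(?:\.|$)/', $nfw_res ) ) {
					nfw_dropin_block("REQUEST:action = dnd_codedropz_upload, File = {$nfw_name}", 3, 1631);
				}
			}
		}

		// Rule 1640: file upload/remove actions of Everest Forms below 3.0.9.5.
		if ( ( $nfw_action === 'everest_forms_upload_file' || $nfw_action === 'everest_forms_remove_file' )
			&& nfw_dropin_isvulnplugin('everest-forms/everest-forms.php', '3.0.9.5') === true ) {
			nfw_dropin_block("REQUEST:action = {$nfw_action}", 3, 1640 );
		}

		// Rule 1633: userpro_fbconnect on UserPro below 5.1.5.
		if ( $nfw_action === 'userpro_fbconnect' && nfw_dropin_isvulnplugin('userpro/index.php', '5.1.5') === true ) {
			nfw_dropin_block("REQUEST:action = userpro_fbconnect", 3, 1633);
		}

		// Rule 1637: userpro_process_form with the `change` template on UserPro below 5.1.9.
		if ( $nfw_action === 'userpro_process_form'
			&& isset( $_POST['template'] ) && $_POST['template'] === 'change'
			&& nfw_dropin_isvulnplugin('userpro/index.php', '5.1.9') === true ) {
			nfw_dropin_block("REQUEST:action = userpro_process_form/change", 3, 1637);
		}
	}

	// REST-route rules. The route can arrive in the request path or in the
	// `rest_route` parameter; nfw_dropin_route_contains() checks both with a
	// strict `!== false` test. The original truthiness test on stripos()
	// treated a match at offset 0 -- the normal case for `rest_route` -- as
	// "not found", which let these rules be bypassed via that parameter.

	// Rule 1645: Kirki forgot-password endpoint below 6.0.7.
	if ( nfw_dropin_route_contains('/KirkiComponentLibrary/v1/kirki-forgot-password')
		&& nfw_dropin_isvulnplugin('kirki/kirki.php', '6.0.7') === true ) {
		nfw_dropin_block('Privilege escalation', 3, 1645);
	}

	// Rule 1643: X-Burstmainwp plus Authorization headers on Burst Statistics below 3.4.2.
	if ( isset( $_SERVER['HTTP_X_BURSTMAINWP'] ) && isset( $_SERVER['HTTP_AUTHORIZATION'] )
		&& nfw_dropin_isvulnplugin('burst-statistics/burst.php', '3.4.2') === true ) {
		nfw_dropin_block("HTTP_AUTHORIZATION: {$_SERVER['HTTP_AUTHORIZATION']}", 3, 1643);
	}

	// Rule 1638: litespeed_role/litespeed_hash cookies on LiteSpeed Cache below 6.4.
	if ( isset( $_COOKIE['litespeed_role'] ) && isset( $_COOKIE['litespeed_hash'] )
		&& nfw_dropin_isvulnplugin('litespeed-cache/litespeed-cache.php', '6.4') === true ) {
		nfw_dropin_block('Unauthenticated action', 3, 1638);
	}

	// Rule 1635: Bricks render_element endpoint without the edit_posts capability.
	if ( nfw_dropin_route_contains('/bricks/v1/render_element') && ! current_user_can('edit_posts') ) {
		nfw_dropin_block("Unauthenticated action", 3, 1635);
	}

	// Rule 1641: SureTriggers create-wp-connection endpoint below 1.0.83.
	if ( nfw_dropin_route_contains('/sure-triggers/v1/connection/create-wp-connection')
		&& nfw_dropin_isvulnplugin('suretriggers/suretriggers.php', '1.0.83') === true ) {
		nfw_dropin_block('Privilege escalation', 3, 1641);
	}

	// Rule 1639: Really Simple SSL (free or Pro) below 9.1.2, skip_onboarding for user_id 1.
	// The loose `== 1` is kept from the original rule, so "01" and "1 " also
	// match; NOTE(review): confirm this is the intended set of values.
	if ( nfw_dropin_route_contains('reallysimplessl/v1/two_fa/skip_onboarding')
		&& ( nfw_dropin_isvulnplugin('really-simple-ssl/rlrsssl-really-simple-ssl.php', '9.1.2') === true
			|| nfw_dropin_isvulnplugin('really-simple-ssl-pro/really-simple-ssl-pro.php', '9.1.2') === true )
		&& isset( $_REQUEST['user_id'] ) && $_REQUEST['user_id'] == 1 ) {
		nfw_dropin_block("Unauthenticated action", 3, 1639);
	}

	// Rule 1632: attempts to write .htaccess content through the wp_extra fields.
	if ( (! empty( $_POST['save_root'] ) && isset( $_POST['wp_extra']['htaccess_root'] ) )
		|| (! empty( $_POST['save_content'] ) && isset( $_POST['wp_extra']['htaccess_content'] ) )
		|| (! empty( $_POST['save_includes'] ) && isset( $_POST['wp_extra']['htaccess_includes'] ) ) ) {
		nfw_dropin_block( "wp_extra = ". json_encode( $_POST['wp_extra'] ), 3, 1632 );
	}

	// Rule 1631: directorist_reset_password on Directorist below 7.5.5.
	if ( isset( $_POST['directorist_reset_password'] ) && nfw_dropin_isvulnplugin('directorist/directorist-base.php', '7.5.5') === true ) {
		nfw_dropin_block( "directorist_reset_password = {$_POST['directorist_reset_password']}", 3, 1631 );
	}

	// Rule 1634: Post SMTP connect-app endpoint with an Auth-Key header that
	// compares loosely equal to 0. The `== 0` is deliberate in the original;
	// NOTE(review): on PHP 8 an empty string is no longer == 0, so confirm the
	// header values this rule is meant to catch.
	if ( isset( $_SERVER['HTTP_AUTH_KEY'] ) && $_SERVER['HTTP_AUTH_KEY'] == 0
		&& nfw_dropin_route_contains('/post-smtp/v1/connect-app') ) {
		nfw_dropin_block('Empty Auth-Key', 3, 1634 );
	}
}

/**
 * Logs a drop-in rule hit and terminates the request.
 *
 * @param string $message  Detail written to the log (often echoes the offending input).
 * @param int    $level    Severity handed to NinjaFirewall_log::write().
 * @param int    $rule     Drop-in rule number.
 * @return void  Never returns: the request ends with exit().
 */
function nfw_dropin_block( $message, $level, $rule ) {
	$nfw_options = nfw_get_option('nfw_options');
	NinjaFirewall_log::write( 'WP vulnerability', $message, $level, $rule, $nfw_options, NFW_LOG_DIR .'/nfwlog' );
	exit('NinjaFirewall blocked your request, please contact the administrator.');
}

/**
 * Whether the current request addresses a REST route containing $needle,
 * looking at both the raw REQUEST_URI and the `rest_route` parameter.
 * Case-insensitive; uses `!== false` so a match at offset 0 counts.
 *
 * NOTE(review): a `rest_route` value without the leading slash would not
 * match a needle that starts with `/`; confirm whether WordPress normalises
 * the parameter before routing and whether that case needs covering.
 *
 * @param string $needle
 * @return bool
 */
function nfw_dropin_route_contains( $needle ) {
	if ( isset( $_SERVER['REQUEST_URI'] ) && is_string( $_SERVER['REQUEST_URI'] )
		&& stripos( $_SERVER['REQUEST_URI'], $needle ) !== false ) {
		return true;
	}
	if ( isset( $_REQUEST['rest_route'] ) && is_string( $_REQUEST['rest_route'] )
		&& stripos( $_REQUEST['rest_route'], $needle ) !== false ) {
		return true;
	}
	return false;
}

/**
 * Every string contained in $value: the value itself when it is a string,
 * or all string leaves when it is a (possibly nested) array such as PHP
 * builds for `field[]` inputs. Other types yield nothing.
 *
 * @param mixed $value
 * @return string[]
 */
function nfw_dropin_strings( $value ) {
	if ( is_string( $value ) ) {
		return array( $value );
	}
	$found = array();
	if ( is_array( $value ) ) {
		array_walk_recursive( $value, function ( $leaf ) use ( &$found ) {
			if ( is_string( $leaf ) ) {
				$found[] = $leaf;
			}
		} );
	}
	return $found;
}

/**
 * Client-supplied file name(s) for the $_FILES entry $field: one entry for a
 * single upload, one per file for an array upload, an empty list when the
 * field is absent. Empty names are kept so the allow-list rules still see them.
 *
 * @param string $field  Key in $_FILES.
 * @return string[]
 */
function nfw_dropin_upload_names( $field ) {
	if ( empty( $_FILES[ $field ] ) || ! isset( $_FILES[ $field ]['name'] ) ) {
		return array();
	}
	return nfw_dropin_strings( $_FILES[ $field ]['name'] );
}

/**
 * Whether the current user may edit the given post. Only `page` and `post`
 * types are checked (against edit_page / edit_post); any other type, or an
 * unknown id, is allowed.
 *
 * @param int|string $postid  Cast to int before lookup.
 * @return bool
 */
function nfw_dropin_can_edit_post( $postid ) {
	$type = get_post_type( (int) $postid );
	if ( ( $type == 'page' || $type == 'post' ) && ! current_user_can( "edit_{$type}", $postid ) ) {
		return false;
	}
	return true;
}

/**
 * Whether the current user may delete the given post. Mirrors
 * nfw_dropin_can_edit_post() with the delete_page / delete_post capabilities.
 *
 * @param int|string $postid  Cast to int before lookup.
 * @return bool
 */
function nfw_dropin_can_delete_post( $postid ) {
	$type = get_post_type( (int) $postid );
	if ( ( $type == 'page' || $type == 'post' ) && ! current_user_can( "delete_{$type}", $postid ) ) {
		return false;
	}
	return true;
}

/**
 * Whether the plugin at $slug is installed (present on disk, active or not)
 * at a version lower than $version, read from its plugin header.
 *
 * get_plugin_data() lives in wp-admin, so it is loaded on demand for
 * front-end requests. A plugin file with no Version header yields '' from
 * get_plugin_data(), which version_compare() ranks below any version, so
 * such a plugin is treated as vulnerable (fail closed).
 *
 * @param string $slug     Path relative to WP_PLUGIN_DIR, e.g. 'kirki/kirki.php'.
 * @param string $version  First fixed version.
 * @return bool
 */
function nfw_dropin_isvulnplugin( $slug, $version ) {
	if ( file_exists( WP_PLUGIN_DIR ."/$slug") ) {
		if (! function_exists('get_plugin_data') ) {
			require_once( ABSPATH .'wp-admin/includes/plugin.php');
		}
		$info = get_plugin_data( WP_PLUGIN_DIR ."/$slug");
		if (version_compare( $info['Version'], $version, '<') ) {
			return true;
		}
	}
	return false;
}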