Python Conference APAC 2024

This paper presents a solution for detecting actively exploited WordPress vulnerabilities in a shared hosting environment. Recent reports indicate a significant increase in reported vulnerabilities, highlighting growing risk. Analysis from Patchstack shows a 24% rise in vulnerabilities from 2022 to 2023 [1], while WPScan reports substantial increase in reports from 2014, 2022, 2023, until 2024 especially among free plugins and themes [2]. Given these findings, detecting these vulnerabilities is crucial, particularly in shared hosting where users may lack awareness. Leveraging CloudLinux’s Imunify360 WAF rules, which includes WordPress vulnerability signatures, this study integrates incident logs from Imunify360’s SQLite database, WP-CLI Vulnerability Scanner, and Python for detection. By correlating WAF-triggered attacks, Static Analysis of version from WP-CLI Vulnerability, modifying date of plugin, theme, and core WordPress, the approach enhances the identification of actively exploited vulnerabilities.