Python Conference APAC 2024

Enhancing Actively Attacked WordPress Vulnerability Detection with Python, WP-CLI Vulnerability Scanner, and Imunify360 Incident Logs
2024-10-27, CLASS #2 - 4B
Language: English

This paper presents a solution for detecting actively exploited WordPress vulnerabilities in a shared hosting environment. Recent reports indicate a significant increase in reported vulnerabilities, highlighting growing risk. Analysis from Patchstack shows a 24% rise in vulnerabilities from 2022 to 2023 [1], while WPScan reports a substantial increase in reports from 2014, 2022, 2023, until 2024, especially among free plugins and themes [2]. Given these findings, detecting these vulnerabilities is crucial, particularly in shared hosting where users may lack awareness. Leveraging CloudLinux's Imunify360 WAF rules, which include WordPress vulnerability signatures, this study integrates incident logs from Imunify360's SQLite database, WP-CLI Vulnerability Scanner, and Python for detection. By correlating WAF-triggered attacks, static analysis of versions from WP-CLI Vulnerability Scanner, and the modification dates of plugins, themes, and core WordPress, the approach enhances the identification of actively exploited vulnerabilities.


This paper addresses the pressing challenge of detecting actively exploited WordPress vulnerabilities within shared hosting environments. Recent studies have underscored a concerning uptick in reported vulnerabilities, with Patchstack highlighting a 24% increase from 2022 to 2023 [1]. WPScan's findings reveal significant growth since 2014, particularly among free plugins and themes [2]. Detecting these vulnerabilities is crucial, especially in shared hosting where users often lack awareness of potential risks.

To tackle this issue, the study leverages CloudLinux's Imunify360 WAF rules, specifically designed with WordPress vulnerability signatures. It integrates incident logs from Imunify360's SQLite database, alongside tools like WP-CLI Vulnerability Scanner and Python, for comprehensive detection methods. By correlating WAF-triggered attacks with static analysis of plugin, theme, and core WordPress file modifications, the approach enhances the precision in identifying actively exploited vulnerabilities.

This research contributes valuable insights and practical methodologies aimed at fortifying WordPress security measures, particularly in environments where the risk of exploitation is heightened.
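The correlation described above, sketched as an added example that is not the speaker's code. The incident table layout, the rule descriptions, the scanner finding fields, and the rule that a modification time later than the first matching attack raises priority are all assumptions, and every value is constructed.

```python
import sqlite3

# Constructed sample data. Table layout, rule text and finding fields are
# assumptions for illustration, not Imunify360's or the scanner's real schema.
INCIDENTS = [  # (unix timestamp, domain, WAF rule description)
    (1729900000, "shop.example", "WordPress plugin demo-forms SQLi"),
    (1729903600, "shop.example", "WordPress plugin demo-forms SQLi"),
    (1729907200, "blog.example", "WordPress plugin demo-gallery file upload"),
    (1729910000, "blog.example", "Generic scanner user-agent"),
]
FINDINGS = [  # components the version scan reported as vulnerable
    {"domain": "shop.example", "slug": "demo-forms", "installed": "1.2.0",
     "mtime": 1729905000},
    {"domain": "blog.example", "slug": "demo-gallery", "installed": "3.0.1",
     "mtime": 1720000000},
    {"domain": "blog.example", "slug": "demo-seo", "installed": "2.0.0",
     "mtime": 1729909000},
]

def load_incidents(rows):
    """Stand-in for opening the WAF incident database read-only."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE incident (ts INTEGER, domain TEXT, description TEXT)")
    db.executemany("INSERT INTO incident VALUES (?, ?, ?)", rows)
    return db

def correlate(db, findings):
    """Rank vulnerable components by evidence of active attack."""
    results = []
    for f in findings:
        hits, first = db.execute(
            "SELECT COUNT(*), MIN(ts) FROM incident "
            "WHERE domain = ? AND instr(lower(description), ?) > 0",
            (f["domain"], f["slug"].lower())).fetchone()
        if hits == 0:
            status = "vulnerable, no attack seen"
        elif f["mtime"] > first:  # still vulnerable, yet files changed since
            status = "attacked, files modified after first attack"
        else:
            status = "attacked"
        results.append((f["domain"], f["slug"], f["installed"], hits, status))
    # Most urgent first: modified after attack, then attacked, then the rest.
    order = {"attacked, files modified after first attack": 0, "attacked": 1}
    return sorted(results, key=lambda r: (order.get(r[4], 2), -r[3]))

if __name__ == "__main__":
    for row in correlate(load_incidents(INCIDENTS), FINDINGS):
        print(row)
```

A component that the scan still reports as vulnerable but whose files changed after the first matching WAF hit was not updated to a fixed version, so the change is worth manual review.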

[1] Source: https://patchstack.com/whitepaper/state-of-wordpress-security-in-2024
[2] Source: https://wpscan.com/statistics/

See also: GitHub

Professional Title: Linux System Administrator
Company: DomaiNesia

I am Nizar Akbar Meilani, a Linux System Administrator at the shared hosting company DomaiNesia. I am a System Administrator who helps everything in shared hosting run smoothly and securely. As a good System Administrator, my motto is: precise data from analysis is better than assumptions.