英文:
wordpress security vulnerability issue
问题
I can see that you have provided a lot of logs and text. Please let me know which specific parts you would like me to translate, and I'll be happy to help.
英文:
Some themes were edited in WordPress and 2 undeleted users were added (I deleted users on mysql). What can I do for this issue.
WordPress version 6.0.1
If you share experience about that,It could be great.
As I understand, he/she logged directly.
- Where is the security vulnerability
- What kind of tool I can use it ?
Logs:
"x.x.x.x - - [30/Mar/2023:08:25:34 +0000] "GET / HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:25:35 +0000] "GET / HTTP/1.1" 200 36689 "http://example.com" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:25:35 +0000] "POST //wp-admin/admin-post.php HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:25:36 +0000] "GET //wp-login.php?action=register HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:25:36 +0000] "GET /wp-login.php?registration=disabled HTTP/1.1" 200 2188 "https://example.com//wp-login.php?action=register" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:25:36 +0000] "GET //my-account HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:25:36 +0000] "GET //wp-content/plugins/elementor-pro/changelog.txt HTTP/1.1" 200 34826 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:25:37 +0000] "GET //my-account HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:25:36 +0000] "GET /my-account/ HTTP/1.1" 200 26317 "https://example.com//my-account" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:25:38 +0000] "GET /my-account/ HTTP/1.1" 200 26371 "https://example.com/my-account/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:25:37 +0000] "GET /my-account/ HTTP/1.1" 200 26315 "https://example.com//my-account" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:25:39 +0000] "POST / HTTP/1.1" 200 36717 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:25:39 +0000] "POST / HTTP/1.1" 200 36705 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:27:29 +0000] "POST / HTTP/1.1" 200 36701 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:27:30 +0000] "POST //my-account/?action=register HTTP/1.1" 200 26416 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:27:30 +0000] "POST //my-account/?action=register HTTP/1.1" 200 26377 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:27:31 +0000] "POST //my-account/?action=register HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:27:32 +0000] "GET /my-account/ HTTP/1.1" 200 25560 "https://example.com//my-account/?action=register" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:27:34 +0000] "GET /wp-admin/profile.php?wc-ajax=1 HTTP/1.1" 200 69740 "https://example.com/wp-admin/profile.php?wc-ajax=1" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:27:34 +0000] "POST /wp-admin/admin-ajax.php?action=elementor_ajax&_nonce=7141626c78 HTTP/1.1" 200 78 "https://example.com/wp-admin/admin-ajax.php?action=elementor_ajax&_nonce=7141626c78" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:27:33 +0000] "POST //wp-admin/profile.php?wc-ajax=1 HTTP/1.1" 302 0 "https://example.com//wp-admin/profile.php?wc-ajax=1" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:27:35 +0000] "POST /wp-admin/admin-ajax.php?action=elementor_ajax&_nonce=7141626c78 HTTP/1.1" 200 78 "https://example.com/wp-admin/admin-ajax.php?action=elementor_ajax&_nonce=7141626c78" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:27:35 +0000] "GET /wp-login.php?action=register HTTP/1.1" 200 1516 "https://example.com/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:27:35 +0000] "POST /wp-admin/admin-ajax.php?action=elementor_ajax&_nonce=7141626c78 HTTP/1.1" 200 78 "https://example.com/wp-admin/admin-ajax.php?action=elementor_ajax&_nonce=7141626c78" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:27:38 +0000] "GET /wp-admin HTTP/1.1" 301 449 "https://example.com/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:27:36 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "https://example.com/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:27:38 +0000] "GET /wp-admin/ HTTP/1.1" 302 0 "https://example.com/wp-admin" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:27:39 +0000] "POST /wp-login.php?action=register HTTP/1.1" 200 1644 "https://example.com/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:27:39 +0000] "GET /my-account/ HTTP/1.1" 200 25557 "https://example.com/wp-admin/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:27:45 +0000] "GET /wp-login.php?action=rp HTTP/1.1" 200 2477 "https://example.com/wp-login.php?action=rp&key=nEM8IFfpuSCK8v0k6hsJ&login=wpnew_mimrmduqgpiv" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:27:45 +0000] "GET /wp-login.php?action=rp&key=nEM8IFfpuSCK8v0k6hsJ&login=wpnew_mimrmduqgpiv HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:27:46 +0000] "POST /wp-login.php?action=resetpass HTTP/1.1" 200 1157 "https://example.com/wp-login.php?action=resetpass" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:27:47 +0000] "GET /wp-login.php HTTP/1.1" 200 2152 "https://example.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/102.0""
"x.x.x.x - - [30/Mar/2023:08:27:47 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "https://example.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0""
"x.x.x.x - - [30/Mar/2023:08:27:48 +0000] "GET /wp-admin HTTP/1.1" 301 449 "https://example.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0""
"x.x.x.x - - [30/Mar/2023:08:27:48 +0000] "GET /wp-admin/ HTTP/1.1" 200 81379 "https://example.com/wp-admin" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0""
"x.x.x.x - - [30/Mar/2023:08:27:49 +0000] "GET /wp-admin/edit.php?post_type=page HTTP/1.1" 200 83663 "https://example.com/wp-admin/edit.php?post_type=page" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:27:50 +0000] "GET /wp-admin/admin.php?page=td_theme_panel&wc-ajax=1 HTTP/1.1" 403 67 "https://example.com/wp-admin/admin.php?page=td_theme_panel&wc-ajax=1" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:27:51 +0000] "POST /wp-admin/options-general.php?wc-ajax=1 HTTP/1.1" 200 69226 "https://example.com/wp-admin/options-general.php?wc-ajax=1" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:27:51 +0000] "GET /wp-admin/plugin-install.php?wc-ajax=1 HTTP/1.1" 200 66607 "https://example.com/wp-admin/plugin-install.php?wc-ajax=1" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:27:56 +0000] "POST /wp-admin/update.php?action=upload-plugin&wc-ajax=1 HTTP/1.1" 200 58112 "-" "Go-http-client/1.1""
"x.x.x.x - - [30/Mar/2023:08:27:59 +0000] "GET /wp-content/uploads/2023/03/wp-rate.php HTTP/1.1" 200 24 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:27:59 +0000] "POST /wp-admin/plugin-install.php?wc-ajax=1 HTTP/1.1" 200 65343 "https://example.com/wp-admin/plugin-install.php?wc-ajax=1" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:28:01 +0000] "POST /wp-admin/update.php?action=upload-plugin&wc-ajax=1 HTTP/1.1" 200 58107 "-" "Go-http-client/1.1""
"x.x.x.x - - [30/Mar/2023:08:28:03 +0000] "POST /wp-admin/plugin-install.php?wc-ajax=1 HTTP/1.1" 200 65522 "https://example.com/wp-admin/plugin-install.php?wc-ajax=1" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:28:08 +0000] "POST /wp-content/upgrade/lll/3.php HTTP/1.1" 200 43 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:28:09 +0000] "POST /wp-content/uploads/2023/03/lll/3.php HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:28:09 +0000] "GET / HTTP/1.1" 200 36717 "https://example.com/wp-content/uploads/2023/03/lll/3.php" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:28:06 +0000] "POST /wp-admin/update.php?action=upload-plugin&wc-ajax=1 HTTP/1.1" 200 58114 "-" "Go-http-client/1.1""
"x.x.x.x - - [30/Mar/2023:08:28:10 +0000] "POST /wp-admin/plugins.php?wc-ajax=1 HTTP/1.1" 200 103847 "https://example.com/wp-admin/plugins.php?wc-ajax=1" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:28:12 +0000] "POST /wp-admin/plugins.php?wc-ajax=1&action=activate&plugin=wp-resortpack%2Fwp-resortpack.php&plugin_status=all&_wpnonce=ff2f09cd71 HTTP/1.1" 403 54 "https://example.com/wp-admin/plugins.php?wc-ajax=1&action=activate&plugin=wp-resortpack%2Fwp-resortpack.php&plugin_status=all&_wpnonce=ff2f09cd71" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:28:13 +0000] "POST /wp-admin/plugins.php?wc-ajax=1&action=activate&plugin=wp-resortpack%2Fwp-resortpack.php&plugin_status=all&_wpnonce=309b00e6bc HTTP/1.1" 302 0 "https://example.com/wp-admin/plugins.php?wc-ajax=1&action=activate&plugin=wp-resortpack%2Fwp-resortpack.php&plugin_status=all&_wpnonce=309b00e6bc" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:28:15 +0000] "GET /wp-admin/plugins.php?activate=true&plugin_status=all&paged=1&s= HTTP/1.1" 200 104831 "https://example.com/wp-admin/plugins.php?wc-ajax=1&action=activate&plugin=wp-resortpack%2Fwp-resortpack.php&plugin_status=all&_wpnonce=309b00e6bc" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:28:18 +0000] "GET /?dumpmestep=1 HTTP/1.1" 200 37106 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:28:17 +0000] "GET /?dumpmecheck=1 HTTP/1.1" 200 37108 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:28:18 +0000] "GET /?dumpmecheck=1 HTTP/1.1" 200 37108 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36""
"x.x.x.x - - [30/Mar/2023:08:28:19 +0000] "POST /wp-admin/theme-editor.php?wc-ajax=1&file=header.php HTTP/1.1" 200 64743 "https://example.com/wp-admin/theme-editor.php?wc-ajax=1&file=header.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:28:21 +0000] "POST /wp-admin/theme-editor.php?file=header.php&wc-ajax=1 HTTP/1.1" 200 65135 "https://example.com/wp-admin/theme-editor.php?file=header.php&wc-ajax=1" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:28:20 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 80 "https://example.com/wp-admin/admin-ajax.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:28:22 +0000] "POST /wp-admin/theme-editor.php?wc-ajax=1&file=footer.php HTTP/1.1" 200 63842 "https://example.com/wp-admin/theme-editor.php?wc-ajax=1&file=footer.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:28:22 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 80 "https://example.com/wp-admin/admin-ajax.php" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:28:23 +0000] "POST /wp-admin/theme-editor.php?file=footer.php&wc-ajax=1 HTTP/1.1" 200 64247 "https://example.com/wp-admin/theme-editor.php?file=footer.php&wc-ajax=1" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:28:24 +0000] "GET /wp-admin/profile.php?wc-ajax=1 HTTP/1.1" 200 69520 "https://example.com/wp-admin/profile.php?wc-ajax=1" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:28:24 +0000] "POST /wp-admin/admin-ajax.php?action=elementor_ajax&_nonce=7141626c78 HTTP/1.1" 200 78 "https://example.com/wp-admin/admin-ajax.php?action=elementor_ajax&_nonce=7141626c78" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
"x.x.x.x - - [30/Mar/2023:08:28:25 +0000] "POST /wp-admin/admin-ajax.php?action=elementor_ajax&_nonce=7141626c78 HTTP/1.1" 200 78 "https://example.com/wp-admin/admin-ajax.php?action=elementor_ajax&_nonce=7141626c78" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0""
答案1
得分: 1
Security vulnerability is in Elementor Pro. Details you can find here:
https://patchstack.com/articles/critical-elementor-pro-vulnerability-exploited/
英文:
Security vulnerability is in Elementor Pro. Details you can find here:
https://patchstack.com/articles/critical-elementor-pro-vulnerability-exploited/
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论