Malicious requests: January 2023
Most notable:
Request to /wp-content/plugins/contact-form-7/includes/block-editor/data.php - checking for version 5.3.1 and earlier, which allows unrestricted file upload and remote code execution (CVE-2020-35489).
Request to /libraries/plupload/examples/upload.php - uploads files to the temp directory of the server. Malicious code can then be saved to a permanent directory using the temp directory.
Request to deploy.env - tries to expose sensitive information like secret keys from misconfigured web servers running JavaScript.
Request to compose.env - tries to expose sensitive information like secret keys from misconfigured web servers running Docker.
Request to deploy.yaml - checking if the server is running Kubernetes. Under certain circumstances deserialization exploits can be used to upload malicious code.
Request to compose.yaml - checking for docker-compose; under certain circumstances there's a remote code execution vulnerability.
Request to /wp-content/plugins/beautiful-and-responsive-cookie-consent/public/cookieNSCconsent.min.js - checking for an older version which allowed cross-site scripting (XSS) attacks.
Request to /wp-content/plugins/learnpress/assets/css/widgets.css - checking for an older version which allowed cross-site scripting (XSS) attacks.
Request to /wp-content/plugins/gp-premium/hooks/functions/engine.php - checking for the gp-premium plugin, which had exploitable JavaScript assets bundled in a previous version.
Request to /wp-content/themes/twentytwentythree/styles/load-settings.php - checking for a critical vulnerability in WooCommerce. https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/
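
To check your own access logs for the requests listed above, here is an added example (not part of the original report). It assumes the common/combined log format; the function names and the sample log lines are constructed for illustration. It normalizes each request target first, so doubled slashes, percent-encoding, query strings and changed letter case do not hide a probe, and it separates out probes that were answered with a 2xx status.

```python
import re
from posixpath import basename, normpath
from urllib.parse import unquote

# Probe targets copied from the list above; compared case-insensitively.
FULL_PATHS = {p.lower() for p in (
    "/wp-content/plugins/contact-form-7/includes/block-editor/data.php",
    "/libraries/plupload/examples/upload.php",
    "/wp-content/plugins/beautiful-and-responsive-cookie-consent/public/cookieNSCconsent.min.js",
    "/wp-content/plugins/learnpress/assets/css/widgets.css",
    "/wp-content/plugins/gp-premium/hooks/functions/engine.php",
    "/wp-content/themes/twentytwentythree/styles/load-settings.php",
)}
# Given on the page as bare file names, so match them in any directory.
BASENAMES = {"deploy.env", "compose.env", "deploy.yaml", "compose.yaml"}

# Assumed common/combined log format: client address, request target, status code.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" (\d{3}) ')

def normalize(target):
    """Drop the query string, percent-decode, collapse // and /./, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return normpath("/" + path.lstrip("/")).lower()

def scan(lines):
    """Return (client, path, status) for each request that hits a listed target."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log line; skip rather than guess
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        path = normalize(target)
        if path in FULL_PATHS or basename(path) in BASENAMES:
            hits.append((client, path, status))
    return hits

def exposed(hits):
    """Probes answered with 2xx: the file exists and needs follow-up."""
    return [h for h in hits if 200 <= h[2] < 300]

# Constructed sample log lines (documentation addresses), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [14/Jan/2023:03:12:01 +0000] "GET /wp-content/plugins/contact-form-7/includes/block-editor/data.php HTTP/1.1" 404 153 "-" "-"',
    '198.51.100.7 - - [14/Jan/2023:03:12:02 +0000] "GET //app/%64eploy.env?x=1 HTTP/1.1" 200 412 "-" "-"',
    '203.0.113.9 - - [14/Jan/2023:03:15:40 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.9 - - [14/Jan/2023:03:15:41 +0000] "GET /Compose.YAML HTTP/1.1" 404 153 "-" "-"',
]
```

Calling exposed(scan(lines)) on your own log lines gives the requests to review first: a 2xx response to deploy.env or compose.env means the file was actually served.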