A vulnerability recently disclosed by Wordfence and published as CVE-2020-7047 and CVE-2020-7048 allows an attacker to take over vulnerable WordPress-based websites.
Functionality in the WP Database Reset plugin introduced the vulnerability, which allows any unauthenticated user to reset any table in the database to its initial state when it was installed, deleting all the content in the database.
Certain versions of PHP 7 running on NGINX with php-fpm enabled can be vulnerable to the remote code execution vulnerability CVE-2019-11043.
Given the simplicity of the exploit, all web servers using the vulnerable version of PHP should be upgraded to non-vulnerable PHP versions as soon as possible. Because the vulnerability is limited to specific configurations, the number of vulnerable installations is smaller than it might be.
Qualys Web Application Scanning (WAS) will test for this vulnerability as long as QIDs 150270 and 150271 are included in your scan. We recommend organizations immediately remediate all systems that are vulnerable. While you are getting ready to patch, you can easily deploy a virtual patch via pre-built templates in Qualys Web Application Firewall.
Remediation instructions are included below.
Organizations that use automated scanners to test the security of their web apps must watch out for instances where these tools may trigger user account lockouts inadvertently. Here we explain why this occurs and offer some tips for how to prevent this from happening with Qualys Web Application Scanning (WAS).