Rule History

SID: 2045881 • Source: et/open

Versions (2)

Version DetailsCurrent

Rev: 2 • May 30, 2023, 12:00 PM

Message:

ET WEB_SPECIFIC_APPS Wordpress - posts-layout (post-layout Doppelganger) Plugin Activation

Rule:

alert http $EXTERNAL_NET any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET WEB_SPECIFIC_APPS Wordpress - posts-layout (post-layout Doppelganger) Plugin Activation"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/wp-admin/plugins.php?"; content:"action=activate"; content:"plugin=posts-layouts|2f|posts-layouts.php"; fast_pattern; reference:url,blog.sucuri.net/2023/05/vulnerability-in-essential-addons-for-elementor-leads-to-mass-infection.html; classtype:web-application-attack; sid:2045881; rev:2; metadata:affected_product Wordpress, attack_target Web_Server, created_at 2023_05_30, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Critical, updated_at 2023_05_31; target:dest_ip;)

Created:

May 30, 2023, 12:00 PM

Updated:

May 31, 2023, 12:00 PM

DB Created:

May 30, 2023, 10:00 PM

DB Updated:

May 31, 2024, 9:00 PM

Filename:

rules/emerging-web_specific_apps.rules