Outdated Word Press site plug-ins, hardening proposals...

Re: Plugin Update Status About
wp-fastest-cache 1.1.0 Warning latest release (1.1.6)
http://wordpress.org/plugins/wp-fastest-cache/
wordpress-seo 20.0 Warning latest release (20.8)
https://yoa.st/1uj
formidable 5.5.6 Warning latest release (6.3.1)
https://formidableforms.com/ Outdated versions detected.

Externally linkes host - goomedia.digitaal-magazine.nl AMAZON-02

At what site? → https://sitecheck.sucuri.net/results/teleplaza.nl (redhat nginx website)

Hardening proposals: see: https://sitecheck.sucuri.net/results/teleplaza.nl

polonus

But potentially malicious script detected on same IP at website -https://aika.fiber.nl/

What? Detected Potentially Suspicious Files by Quttera’s.
File name /assets/index-3bb9e352.js
Threat name PS.SuspScript.gen
File type ASCII
Reason Detected hidden call to replace.
Details Detected potentially suspicious content.
Threat dump XXXXX[[constt=Ve(Ho),n=Ve(Xh),r=Lt(()=>t.resolve(Is(e.to))),s=Lt(()=>{const{matched:c}=r.value,{length:a}=c,u=c[a-1],f=n.matched;if(!u||!f.length)return-1;constd=f.findIndex(rs.bind(null,u));if(d>-1)returnd;consth=uf(c[a-2]);returna>1%26%26uf(u)===h%26%26f[f.length-1].path!==h?f.findIndex(rs.bind(null,c[a-2])):d}),i=Lt(()=>s.value>-1%26%26cb(n.params,r.value.params)),o=Lt(()=>s.value>-1%26%26s.value===n.matched.length-1%26%26Qh(n.params,r.value.params));functionl(c={}){returnlb(c)? XXXX tIs(e.replace)?“replace”:“push”.catch(Us)]]
Threat MD5 63B0995854A8AE1AB3F6CD6BCA2AC381
File MD5 ACFD0BC080EC2B73325ABA8F0F345345
Line Available via API only.

Solution: use replace when redirecting from an invalid url…

polonus

New gaping hole to be patched:
https://www.wordfence.com/blog/2023/06/critical-security-update-directorist-wordpress-plugin-patches-two-high-risk-vulnerabilities/

pol