Support » Plugin: Social Sharing Plugin - Kiwi » Blocked Attack on Kiwi Plugin

  • I have a site running the free version of WordFence. I recently got a blocked attack notification from a foreign IP that said the following:

    “Blocked for Kiwi Social Share <= 2.0.10 – Unauthenticated Read Any Option”

    I don’t have this plugin, and I’m pretty sure I never tried to install it. I asked my hosting company if they could locate folders for it in my directory, but they were not able to. After doing more research, I see that this version of the plugin is easy to exploit. I also had two failed login attempts on my admin account with the correct username. I am confused as to why my hosting provider wouldn’t be able to locate these plugin folders but WordFence blocked an attack. Can you help point me in the right direction? I haven’t had this type of notification before.

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Author WPKube

    (@wpkube)

    Hi,

    There’s bots that go through WordPress websites and try known exploits in plugins. They don’t check if the plugins are installed they just try to use the exploits.

    WordFence knows about that specific exploit and has recognized the attempt to use it and blocked it.

    Bots can try to use known exploits regardless if the plugin they try to exploit is there or not. If it is and is vulnerable it would succeed, if it’s not there then nothings happens, attack fails.

    So, nothing to worry about. You’ll occasionally see blocked attempts for plugins you do not have.

Viewing 1 replies (of 1 total)
  • The topic ‘Blocked Attack on Kiwi Plugin’ is closed to new replies.