Hub WAF rule

More info

vpatch-CVE-2025-3605 WAF Rule

« WordPress Frontend Login And Registration Blocks - Privilege Escalation »
v0.1 by crowdsecurity
WAF rule

Detects privilege escalation in WordPress Frontend Login and Registration Blocks plugin via unauthorized email update.

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2025-3605

YAML Configuration

1## autogenerated on 2025-09-24 14:46:43
2name: crowdsecurity/vpatch-CVE-2025-3605
3description: 'Detects privilege escalation in WordPress Frontend Login and Registration Blocks plugin via unauthorized email update.'
4rules:
5  - and:
6      - zones:
7          - URI
8        transform:
9          - lowercase
10        match:
11          type: contains
12          value: /wp-admin/admin-ajax.php
13      - zones:
14          - BODY_ARGS
15        variables:
16          - action
17        transform:
18          - lowercase
19        match:
20          type: equals
21          value: flrblocksusersettingsupdatehandle
22      - zones:
23          - BODY_ARGS_NAMES
24        transform:
25          - lowercase
26        match:
27          type: contains
28          value: flr-blocks-email-update
29
30labels:
31  type: exploit
32  service: http
33  confidence: 3
34  spoofable: 0
35  behavior: 'http:exploit'
36  label: 'WordPress Frontend Login And Registration Blocks - Privilege Escalation'
37  classification:
38    - cve.CVE-2025-3605
39    - attack.T1068
40    - cwe.CWE-639
41

Hub WAF rule

« WordPress Frontend Login And Registration Blocks - Privilege Escalation »v0.1 by crowdsecurityWAF rule

« WordPress Frontend Login And Registration Blocks - Privilege Escalation »
v0.1 by crowdsecurity
WAF rule