'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:339406)

Rule General Information
Release Date: 2025-08-19
Rule Name: WordPress Traffic Monitor plugin Unauthenticated Bot Logging Disable Vulnerability (CVE-2025-5815)
Severity:
CVE ID:
Rule Protection Details
Description: WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blog platform developed in PHP. It supports the setup of personal blog websites on servers running PHP and MySQL.The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcm_maybe_set_bot_flags() function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to disabled bot logging.
Impact: Unauthenticated attackers can disable bot logging without requiring any prior access privileges.
Affected OS: Windows, Linux, Others
Reference: https://plugins.trac.wordpress.org/browser/traffic-monitor/trunk/traffic-monitor.php#L74
Solutions
Please contact the software vendor to update the software patch.