We are pleased to announce that the new updated WAF rulesets version 2.97 were released.

Changelog

• Added a rule for WordPress Plugin Ultimate Membership Pro < 8.7 CSRF for Arbitrary Account Deletion
• Added a rule for WordPress Plugin Ultimate Membership Pro < 8.7 CSRF for Arbitrary Account Creation
• Added a rule for WordPress Plugin Ultimate Membership Pro < 8.6.2 CSRF for Delete an Arbitrary User
• Added a rule for WordPress Plugin Tutor LMS 1.5.3 CSRF to Add User
• Added a rule for WordPress WebShell in Fake Plugin blnmrpb
• Added a rule for Joomla Component Creative Contact Form 4.6.2 Directory Traversal
• Added a rule for Arbitrary file upload in class.upload.php (CVE-2019-19634)
• Added a rule for WordPress Plugin Import Export Users < 1.3.9 Authenticated Arbitrary User Creation
• Added a rule for WordPress Plugin Merge + Minify + Refresh < 1.10.7 Authenticated Arbitrary File Delete
• Added a rule for WordPress Plugin WP Fastest Cache < 0.9.0.3 CSRF Arbitrary File Deletion
• Added a rule for WordPress Plugin Pricing Table by Supsystic < 1.8.1 CSRF to XSS and Setting Changes
• Added a rule for WordPress Plugin Pricing Table by Supsystic < 1.8.1 CSRF to XSS and Setting Changes
• Added a rule for Switched to block after monitoring
• Added a rule for Modified after monitoring
• Added a rule for WordPress Plugin wpdefault Backdoor Plugin
• Added a rule for Joomla Component com_newsfeeds SQLi vulnerability
• Added a rule for WordPress Plugin File Upload < 4.13.0 - Directory Traversal to RCE
• Added a rule for WordPress Plugin WPML < 4.3.7 - Authenticated CSRF leading to RCE
• Added a rule for WordPress Plugin Category and Page Icons Arbitrary File Deletion
• Added a rule for WordPress Plugin Popup Builder Authenticated Settings Modification
• Added a rule to Block Malware that changes .contactinfo on cPanel