WAF Rules Updated

Mar 19, 2020 11:50:47 PM / by Inessa Atmachian

 

We are pleased to announce that the updated WAF rulesets, version 2.97, have been released.

Changelog

  • Added a rule for WordPress Plugin Ultimate Membership Pro < 8.7 CSRF for Arbitrary Account Deletion
  • Added a rule for WordPress Plugin Ultimate Membership Pro < 8.7 CSRF for Arbitrary Account Creation
  • Added a rule for WordPress Plugin Ultimate Membership Pro < 8.6.2 CSRF for Delete an Arbitrary User
  • Added a rule for WordPress Plugin Tutor LMS 1.5.3 CSRF to Add User
  • Added a rule for WordPress WebShell in Fake Plugin blnmrpb
  • Added a rule for Joomla Component Creative Contact Form 4.6.2 Directory Traversal
  • Added a rule for Arbitrary file upload in class.upload.php (CVE-2019-19634)
  • Added a rule for WordPress Plugin Import Export Users < 1.3.9 Authenticated Arbitrary User Creation
  • Added a rule for WordPress Plugin Merge + Minify + Refresh < 1.10.7 Authenticated Arbitrary File Delete
  • Added a rule for WordPress Plugin WP Fastest Cache < 0.9.0.3 CSRF Arbitrary File Deletion
  • Added a rule for WordPress Plugin Pricing Table by Supsystic < 1.8.1 CSRF to XSS and Setting Changes
  • Added a rule for WordPress Plugin Pricing Table by Supsystic < 1.8.1 CSRF to XSS and Setting Changes
  • Added a rule for Switched to block after monitoring
  • Added a rule for Modified after monitoring
  • Added a rule for WordPress Plugin wpdefault Backdoor Plugin
  • Added a rule for Joomla Component com_newsfeeds SQLi vulnerability
  • Added a rule for WordPress Plugin File Upload < 4.13.0 - Directory Traversal to RCE
  • Added a rule for WordPress Plugin WPML < 4.3.7 - Authenticated CSRF leading to RCE
  • Added a rule for WordPress Plugin Category and Page Icons Arbitrary File Deletion
  • Added a rule for WordPress Plugin Popup Builder Authenticated Settings Modification
  • Added a rule to Block Malware that changes .contactinfo on cPanel

Topics: WAF, ModSecurity, cPanel, Release

Written by Inessa Atmachian

Inessa Atmachian is a Technical Writer. She is responsible for developing technical product documentation for CloudLinux OS, KernelCare, and Imunify360 products. She provides customers with release notes and information on product updates.