We are pleased to announce that the updated WAF rulesets, version 2.97, have been released.
Changelog
- Added a rule for WordPress Plugin Ultimate Membership Pro < 8.7 CSRF for Arbitrary Account Deletion
- Added a rule for WordPress Plugin Ultimate Membership Pro < 8.7 CSRF for Arbitrary Account Creation
- Added a rule for WordPress Plugin Ultimate Membership Pro < 8.6.2 CSRF for Delete an Arbitrary User
- Added a rule for WordPress Plugin Tutor LMS 1.5.3 CSRF to Add User
- Added a rule for WordPress WebShell in Fake Plugin blnmrpb
- Added a rule for Joomla Component Creative Contact Form 4.6.2 Directory Traversal
- Added a rule for Arbitrary file upload in class.upload.php (CVE-2019-19634)
- Added a rule for WordPress Plugin Import Export Users < 1.3.9 Authenticated Arbitrary User Creation
- Added a rule for WordPress Plugin Merge + Minify + Refresh < 1.10.7 Authenticated Arbitrary File Delete
- Added a rule for WordPress Plugin WP Fastest Cache < 0.9.0.3 CSRF Arbitrary File Deletion
- Added a rule for WordPress Plugin Pricing Table by Supsystic < 1.8.1 CSRF to XSS and Setting Changes
- Added a rule for WordPress Plugin Pricing Table by Supsystic < 1.8.1 CSRF to XSS and Setting Changes
- Added a rule for Switched to block after monitoring
- Added a rule for Modified after monitoring
- Added a rule for WordPress Plugin wpdefault Backdoor Plugin
- Added a rule for Joomla Component com_newsfeeds SQLi vulnerability
- Added a rule for WordPress Plugin File Upload < 4.13.0 - Directory Traversal to RCE
- Added a rule for WordPress Plugin WPML < 4.3.7 - Authenticated CSRF leading to RCE
- Added a rule for WordPress Plugin Category and Page Icons Arbitrary File Deletion
- Added a rule for WordPress Plugin Popup Builder Authenticated Settings Modification
- Added a rule to block malware that changes .contactinfo on cPanel