We are pleased to announce that new updated WAF rulesets version 2.94 are released.
Changelog
- Added a new rule for WordPress Popup Builder Plugin SQL injection via PHP Deserialization. CVSS Score: 7.5. Severity: High
- Added a new rule for WordPress Profile Builder Plugin Unauthenticated Administrator Registration. CVSS Score: 10.0. Severity: Critical
- Added a new rule for WordPress Forminator Plugin Remote File Upload Exploit. Severity:High. 0-day vulnerability
- Added a new rule for WordPress KenBurner Slider Plugin Unauthenticated Arbitrary File Download. Severity:High
- Added a new rule for WordPress Caching Plugins Remote PHP Code Execution. CVSS Score: 7.5. Severity: High
- Added a new rule for WordPress GDPR Cookie Consent plugin < 1.8.3 Improper Access Controls. CVSS Score: 9.0. Severity: Critical