Imunify360 Blog

WAF Rules Updated

Written by Inessa Atmachian | Mar 4, 2020 5:22:01 PM

 

We are pleased to announce that new updated WAF rulesets version 2.94 are released.

Changelog

  • Added a new rule for WordPress Popup Builder Plugin SQL injection via PHP Deserialization. CVSS Score: 7.5. Severity: High
  • Added a new rule for WordPress Profile Builder Plugin Unauthenticated Administrator Registration. CVSS Score: 10.0. Severity: Critical
  • Added a new rule for WordPress Forminator Plugin Remote File Upload Exploit. Severity:High. 0-day vulnerability
  • Added a new rule for WordPress KenBurner Slider Plugin Unauthenticated Arbitrary File Download. Severity:High
  • Added a new rule for WordPress Caching Plugins Remote PHP Code Execution. CVSS Score: 7.5. Severity: High
  • Added a new rule for WordPress GDPR Cookie Consent plugin < 1.8.3 Improper Access Controls. CVSS Score: 9.0. Severity: Critical