Imunify360 Blog

WAF Rules v.2.98 Released

Written by Inessa Atmachian | Apr 8, 2020 2:28:33 PM

 

We are pleased to announce that new updated WAF rulesets version 2.98 were released to production.

Changelog

  • Added a rule for Remote SQL Injection Vulnerability in Lokomedia CMS
  • Added a rule for WordPress Plugin WPvivid Backup < 0.9.36 - Missing Authorization CSRF
  • Added rules for WordPress Plugin WPvivid Backup < 0.9.36 - Missing Authorization Auth Bypass
  • Added a rule for WordPress Plugin Data Tables Generator By Supsystic < 1.9.92 - Multiple Vulnerabilities
  • Added a rule for Arbitrary File Read In dompdf
  • Added rules for Wordpress Plugin IMPress for IDX Broker < 2.6.2 - Authenticated Post Creation, Modification, and Deletion
  • Added a rule for Unauthenticated RCE via Outdated PHPUnit
  • Added a rule for WordPress Plugin  RegistrationMagic - Authenticated Privilege Escalation
  • Added a rule for WordPress Plugin RegistrationMagic - CSRF vulnerability
  • Added a rule for WordPress Plugin RegistrationMagic - SQLi vulnerability
  • Added a rule for Block Joomla spam via web contact
  • Added a rule for WordPress CMS bot reconnaissance
  • Added a rule for Joomla! Component GMapFP 3.30 - Arbitrary File Upload
  • Added a rule for WordPress Plugin Templates Importer For Responsive < 2.2.6 - Unprotected AJAX Endpoints