We are pleased to announce that the updated WAF rulesets, version 2.98, have been released to production.
Changelog
- Added a rule for Remote SQL Injection Vulnerability in Lokomedia CMS
- Added a rule for WordPress Plugin WPvivid Backup < 0.9.36 - Missing Authorization CSRF
- Added rules for WordPress Plugin WPvivid Backup < 0.9.36 - Missing Authorization Auth Bypass
- Added a rule for WordPress Plugin Data Tables Generator By Supsystic < 1.9.92 - Multiple Vulnerabilities
- Added a rule for Arbitrary File Read In dompdf
- Added rules for WordPress Plugin IMPress for IDX Broker < 2.6.2 - Authenticated Post Creation, Modification, and Deletion
- Added a rule for Unauthenticated RCE via Outdated PHPUnit
- Added a rule for WordPress Plugin RegistrationMagic - Authenticated Privilege Escalation
- Added a rule for WordPress Plugin RegistrationMagic - CSRF vulnerability
- Added a rule for WordPress Plugin RegistrationMagic - SQLi vulnerability
- Added a rule to block Joomla spam via web contact
- Added a rule for WordPress CMS bot reconnaissance
- Added a rule for Joomla! Component GMapFP 3.30 - Arbitrary File Upload
- Added a rule for WordPress Plugin Templates Importer For Responsive < 2.2.6 - Unprotected AJAX Endpoints