WAF Rules v.2.99 Released

 

We are pleased to announce that the updated WAF rulesets, version 2.99, have been released to production.

Changelog

  • Added a rule for WordPress custom-searchable-data-entry-system SQL injection
  • Added a rule for WordPress StatTraq 1.3.0 SQL Injection
  • Added a rule for WordPress Event-Registration Plugin 5.43 - Arbitrary File Upload
  • Updated a ruleset for ModSec 3 on LiteSpeed / OpenLiteSpeed
  • Added a rule for WordPress Rank Math SEO Plugin - Privilege Escalation via Unprotected REST API Endpoint (CVE-2020-11514)
  • Added a rule for WordPress Elementor Page Builder plugin < 2.9.6 - Authenticated Safe Mode Privilege Escalation
  • Added a rule for WordPress The Hustle (aka wordpress-popup) plugin - Directory Traversal (CVE-2018-18576)
  • Added a rule for WordPress plugin Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export
  • Added a rule for PHPMailer < 5.2.20 - Remote Code Execution
  • Added a rule for WordPress plugin WP Advanced Search < 3.3.4 - Unauthenticated Database Access and Remote Code Execution (RCE)
  • Added a rule for WordPress plugin Brizy - Page Builder < 1.0.114 - Unauthenticated Site Settings Update Access
