We are pleased to announce that new updated WAF rulesets version 2.99 were released to production.

Changelog

• Added a rule for WordPress custom-searchable-data-entry-system SQL injection
• Added a rule for WordPress StatTraq 1.3.0 SQL Injection
• Added a rule for WordPress Event-Registration Plugin 5.43 - Arbitrary File Upload
• Updated a ruleset for ModSec 3 on LiteSpeed / OpenLiteSpeed
• Added a rule for WordPress Rank Math SEO Plugin - Privilege Escalation via Unprotected REST API Endpoint (CVE-2020-11514)
• Added a rule for WordPress Elementor Page Builder plugin < 2.9.6 - Authenticated Safe Mode Privilege Escalation
• Added a rule for WordPress The Hustle (aka wordpress-popup) plugin - Directory Traversal (CVE-2018-18576)
• Added a rule for WordPress plugin Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export
• Added a rule for PHPMailer < 5.2.20 - Remote Code Execution
• Added a rule for WordPress plugin WP Advanced Search < 3.3.4 - Unauthenticated Database Access and Remote Code Execution (RCE)
• Added a rule fro WordPress plugin Brizy - Page Builder < 1.0.114 - Unauthenticated Site Settings Update Access