Imunify360 Blog

WAF Rules v.3.12 Released

Written by Inessa Atmachian | Jun 3, 2020 1:36:53 PM

We are pleased to announce that new updated WAF rulesets version 3.12 were released to production.

Changelog

  • Switched to block-stored XSS vulnerability in Live Chat with Facebook Messenger plugin for WordPress
  • SQLi vulnerability in the Ajax Load More 5.3.1 plugin for WordPress
  • Stored XSS vulnerability in the Visualizer plugin for WordPress (CVE-2019-16931)
  • SSRF vulnerability in the Visualizer plugin for WordPress (CVE-2019-16932)
  • Unauthorized reset settings in the LiveChat <= 3.7.2 plugin for WordPress
  • Unauthorized update settings in the LiveChat <= 3.7.2 plugin for WordPress
  • XSS in the LiveChat <= 3.7.2 plugin for WordPress
  • WordPress GDPR Compliance plugin - Unauthorized option update
  • WordPress Blog Designer Persistent Cross-Site Scripting (XSS) Vulnerability
  • WordPress WP Private Content Plus plugin - unauthenticated options change (CVE-2019-15816)