We are pleased to announce that new updated WAF rulesets version 3.12 were released to production.
Changelog
- Switched to block-stored XSS vulnerability in Live Chat with Facebook Messenger plugin for WordPress
- SQLi vulnerability in the Ajax Load More 5.3.1 plugin for WordPress
- Stored XSS vulnerability in the Visualizer plugin for WordPress (CVE-2019-16931)
- SSRF vulnerability in the Visualizer plugin for WordPress (CVE-2019-16932)
- Unauthorized reset settings in the LiveChat <= 3.7.2 plugin for WordPress
- Unauthorized update settings in the LiveChat <= 3.7.2 plugin for WordPress
- XSS in the LiveChat <= 3.7.2 plugin for WordPress
- WordPress GDPR Compliance plugin - Unauthorized option update
- WordPress Blog Designer Persistent Cross-Site Scripting (XSS) Vulnerability
- WordPress WP Private Content Plus plugin - unauthenticated options change (CVE-2019-15816)