Imunify360 Blog

WAF Rules v.3.15 Released

Written by Inessa Atmachian | Jun 12, 2020 6:56:21 AM

We are pleased to announce that new updated WAF rulesets version 3.15 were released to production.

Changelog

  • Block spam via newsletter
  • Unauthenticated settings update in WP Inventory Manager plugin for WordPress
  • CSRF Vulnerability in LiveChat plugin for WordPress
  • Stored XSS Vulnerability in LiveChat plugin for WordPress
  • Stored XSS Vulnerability in WP Quick Booking Manager plugin for WordPress
  • Persistent XSS Vulnerability in private content plus plugin for WordPress
  • Persistent XSS Vulnerability in WP Quick Booking Manager plugin for WordPress
  • Persistent XSS Vulnerability in Travelpayouts plugin for WordPress
  • Unauthenticated update arbitrary option WP Total Donations Plugin for WordPress (CVE-2019-6703)
  • WordPress PageLayer <= 1.1.1 - Unprotected AJAX endpoints