We are pleased to announce that new updated WAF rulesets version 3.15 were released to production.
Changelog
- Block spam via newsletter
- Unauthenticated settings update in WP Inventory Manager plugin for WordPress
- CSRF Vulnerability in LiveChat plugin for WordPress
- Stored XSS Vulnerability in LiveChat plugin for WordPress
- Stored XSS Vulnerability in WP Quick Booking Manager plugin for WordPress
- Persistent XSS Vulnerability in private content plus plugin for WordPress
- Persistent XSS Vulnerability in WP Quick Booking Manager plugin for WordPress
- Persistent XSS Vulnerability in Travelpayouts plugin for WordPress
- Unauthenticated update arbitrary option WP Total Donations Plugin for WordPress (CVE-2019-6703)
- WordPress PageLayer <= 1.1.1 - Unprotected AJAX endpoints