We are pleased to announce that new updated WAF rulesets version 3.22 were released to production.
New protection rules
- WordPress plugin Adning Advertising - Unauthenticated Arbitrary File Upload leading to Remote Code Execution
- WordPress plugin All in One SEO Pack - Authenticated Stored Cross-Site Scripting
- Unauthenticated SQL Injection in Payment Form For Paypal Pro < 1.1.65
- Block spam via Avia Layaut Builder generated forms
Updated rules
- Arbitrary File Upload vulnerability in the ReFlex Gallery plugin before 3.1.4 for WordPress