We are pleased to announce that new updated WAF rulesets versions 3.32 to 3.33 have been released to production.

• Added rule id: 77316730 - IM360 WAF: WordPress plugin File Manager < 6.9 -Remote Code Execution
• Updated rule id: 77233220 - IM360 WAF: XSS vulnerability in Modern Events Calendar Lite plugin 4.2.1 for WordPress
• Updated rule id: 77211190 - IM360 WAF: Remote File Access Attempt
• Updated rule id: 77316722 - IM360 WAF: WordPress plugin Autoptimize < 2.7.7 - Authenticated Arbitrary File Upload leading to Remote Code Execution

• Added rule id: 77316723 - IM360 WAF: SQL Injection in Plugin Email Subscribers & Newsletters 4.2.2 for WordPress (CVE-2019-20361)
• Added rule id: 77316724,77316725 - IM360 WAF: File Upload/RCE in ThinkCMF
• Added rule id: 77316726 - IM360 WAF: WordPress plugin wpStoreCart - Unauthenticated Arbitrary File Upload leading to Remote Code Execution
• Added rule id: 77316727 - IM360 WAF: Suspicious file upload detection
• Added rule id: 77316728 - IM360 WAF: Netgear unauthenticated RCE
• Added rule id: 77316729 - IM360 WAF: Generic CSRF detection
• Updated rule id: 77140866 - IM360 WAF: Malicious plugin upload attempt