We are pleased to announce that new updated WAF rulesets versions 3.32 to 3.33 have been released to production.
Imunify360 WAF v3.33 (3 September)
- Added rule id: 77316730 - IM360 WAF: WordPress plugin File Manager < 6.9 -Remote Code Execution
- Updated rule id: 77233220 - IM360 WAF: XSS vulnerability in Modern Events Calendar Lite plugin 4.2.1 for WordPress
- Updated rule id: 77211190 - IM360 WAF: Remote File Access Attempt
- Updated rule id: 77316722 - IM360 WAF: WordPress plugin Autoptimize < 2.7.7 - Authenticated Arbitrary File Upload leading to Remote Code Execution
Imunify360 WAF v3.32 (1 September)
- Added rule id: 77316723 - IM360 WAF: SQL Injection in Plugin Email Subscribers & Newsletters 4.2.2 for WordPress (CVE-2019-20361)
- Added rule id: 77316724,77316725 - IM360 WAF: File Upload/RCE in ThinkCMF
- Added rule id: 77316726 - IM360 WAF: WordPress plugin wpStoreCart - Unauthenticated Arbitrary File Upload leading to Remote Code Execution
- Added rule id: 77316727 - IM360 WAF: Suspicious file upload detection
- Added rule id: 77316728 - IM360 WAF: Netgear unauthenticated RCE
- Added rule id: 77316729 - IM360 WAF: Generic CSRF detection
- Updated rule id: 77140866 - IM360 WAF: Malicious plugin upload attempt