We are pleased to announce that new updated WAF rulesets are released.

Changelog

version 2.88

• A few rules are modified for more accurate responses
• Block malicious plugin requests Solid Best Corp
• Fix false positive case in User Profile & Membership plugin
• Fix false positive case in a rule for tracking System Command Injection Attempt
• Cover file upload vulnerability in comsexycontactform for Joomla!
• Cover file upload vulnerability in com_jwallpapers

version 2.89

• Improve a rule for a standalone malware access attempt
• Update logic to track and block malware access

version 2.90

• Cover path traversal vulnerability in com_foxcontact component for Joomla!
• Cover Remote SQL injection vulnerability in Lokomedia CMS
• Cover file upload vulnerability in com_weblinks component dor Joomla!
• Cover file upload vulnerability in tdpsthemeoptionpanel module
• Cover file upload vulnerability in pk_vertflexmenu module

version 2.91

• Update the logic to track and block malware access
• Improve the logic for WordPress bruteforce prevention

version 2.92

• Cover vulnerability in ThemeGrill Demo Importer
• Cover XSS vulnerability in Joomla before 3.9.2
• Update logic to detect conditional SQL injection attempts
• Cover basic MongoDB SQL injection attempts
• Update logic to track and block malware access

Stay in touch

If you encounter any problems with the product or you have feedback and ideas to share, please send a request to our Imunify support team via cloudlinux.zendesk.com.