Imunify360 Blog

WAF rulesets released

Written by Inessa Atmachian | Feb 26, 2020 2:38:07 PM

We are pleased to announce that new updated WAF rulesets are released.

Changelog

version 2.88

  • A few rules are modified for more accurate responses
  • Block malicious plugin requests Solid Best Corp
  • Fix false positive case in User Profile & Membership plugin
  • Fix false positive case in a rule for tracking System Command Injection Attempt
  • Cover file upload vulnerability in comsexycontactform for Joomla!
  • Cover file upload vulnerability in com_jwallpapers

version 2.89

  • Improve a rule for a standalone malware access attempt
  • Update logic to track and block malware access

version 2.90

  • Cover path traversal vulnerability in com_foxcontact component for Joomla!
  • Cover Remote SQL injection vulnerability in Lokomedia CMS
  • Cover file upload vulnerability in com_weblinks component dor Joomla!
  • Cover file upload vulnerability in tdpsthemeoptionpanel module
  • Cover file upload vulnerability in pk_vertflexmenu module

version 2.91

  • Update the logic to track and block malware access
  • Improve the logic for WordPress bruteforce prevention

version 2.92

  • Cover vulnerability in ThemeGrill Demo Importer
  • Cover XSS vulnerability in Joomla before 3.9.2
  • Update logic to detect conditional SQL injection attempts
  • Cover basic MongoDB SQL injection attempts
  • Update logic to track and block malware access

Stay in touch

If you encounter any problems with the product or you have feedback and ideas to share, please send a request to our Imunify support team via cloudlinux.zendesk.com.