Author Topic: Rules Updates: Changelog  (Read 104717 times)

Offline Cwaf_Team

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 290
Re: Rules Updates: Changelog
« Reply #210 on: December 12, 2019, 10:26:37 AM »
2019.12.12
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.228


- XSS vulnerability in breadcrumbs-by-menu plugin before 1.0.3 for WordPress (CVE-2019-15865)
- Injection vulnerability in codepress-admin-columns plugin 3.4.6 for WordPress (CVE-2019-17661)
- XSS vulnerability in Blog2Social plugin before 5.9.0 for WordPress (CVE-2019-17550)
- SQLi vulnerability in Xpert Solution Server Status by Hostname/IP plugin 4.6 for WordPress (CVE-2019-12570)
- LFI vulnerability in ad-inserter plugin before 2.4.20 for WordPress (CVE-2019-15323)
- Unrestricted file upload vulnerability in WP Live Chat Support Pro plugin through 8.0.26 for WordPress (CVE-2019-11185)
- FP fix

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #211 on: December 25, 2019, 10:49:14 AM »
2019.12.25
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.229


- Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 (CVE-2015-8563) and Joomla! before 3.9.13 (CVE-2019-18650)
- CSRF vulnerability in breadcrumbs-by-menu plugin before 1.0.3 for WordPress (CVE-2019-15865)
- Privilege escalation vulnerability in LifterLMS plugin through 3.34.5 for WordPress (CVE-2019-15896)
- CSRF vulnerability in peters-login-redirect plugin before 2.9.2 for WordPress (CVE-2019-15115)
- CSRF vulnerability in zoho-salesiq plugin before 1.0.9 for WordPress (CVE-2019-15645)
- FP fix

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #212 on: April 08, 2020, 10:48:03 AM »
2020.04.08
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.230


- SQLi vulnerability in Joomla! 3.5.0 through 3.8.5 (CVE-2018-8045)
- Remote File Upload Vulnerability in Joomla Content Editor JCE com_jce Plugin 2.6.33
- Joomla com_jce Components Image Manager Plugin 2.6.33 Remote File Upload Vulnerability
- Path traversal vulnerability in Media from FTP
- Directory Traversal vulnerability in myEASYbackup 1.0.8.1 for WordPress
- Path traversal vulnerability in ajaxcontroltoolkit (CVE-2015-4670)
- File upload vulnerability in ColdFusion (CVE-2018-15961)
- Path traversal vulnerability in Sprockets
- FP fix

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #213 on: July 23, 2020, 03:53:30 PM »
2020.07.23
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.231


- Directory Traversal vulnerability in JE Messenger component 1.2.2 for Joomla (CVE-2019-9922)
- LFI vulnerability in ad-inserter plugin before 2.4.20 for WordPress (CVE-2019-15323)
- Unrestricted file upload vulnerability in WP Live Chat Support Pro plugin through 8.0.26 for WordPress (CVE-2019-11185)
- Joomla Content Editor JCE com_jce Plugin 2.6.33 Remote File Upload Vulnerability
- Joomla PrayerCenter 3.0.4 SQL Injection
- Elementor Pro < 2.9.4 - Authenticated Arbitrary File Upload
- XSS in WordPress Plugin WooCommerce Product Feed before 2.2.18
- WordPress Plugin Ajax Load More 5.3.1 Authenticated SQL Injection
- FP fix

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #214 on: September 22, 2020, 04:10:14 PM »
2020.09.22
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.232


- XSS vulnerability in nexos real estate theme for WordPress (CVE-2020-15364)
- XSS vulnerability in ultimate appointment V1.1.9 for WordPress (CVE-2020-24313)
- XSS vulnerability in Subscribe Sidebar plugin for WordPress (CVE-2020-25033)
- XSS vulnerability in RSS feed widget V2.7.9 for WordPress (CVE-2020-24314)
- SQL Injection in The Nexos theme through 1.7 for WordPress (CVE-2020-15363)
- Reflected XSS in Blubrry subscribe-sidebar plugin 1.3.1 for WordPress (CVE-2020-25033)
- XSS Vulnerability in Yes-co ORES for WordPress
- XSS vulnerability in WP Google Maps
- FP fix

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #215 on: November 19, 2020, 05:41:18 PM »
2020.11.19
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.233


- XSS in cm-download-manager plugin before 2.8.0 for WordPress (CVE-2020-27344)
- Unauthenticated stored XSS in Loginizer 1.3.8-1.3.9 plugin for WordPress (CVE-2018-11366)
- File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)
- XSS in Store/AccessPress Themes WP Floating Menu V1.3.0 for WordPress (CVE-2020-25378)
- XSS vulnerability in Testimonial Rotator 3.0.2 plugin for WordPress (CVE-2020-26672)
- XSS in recall products v0.8 plugin for WordPress (CVE-2020-25380)
- SQL Injection vulnerability in Good Layers LMS Plugin before 2.1.4 for WordPress (CVE-2020-27481)
- FPs fix

 
