Release Notes

Malware Experts – ModSecurity Rules

2017.10.15 – 1.0.32
– Remote File Download – (WordPress Plugin – Ultimate Form Builder Lite)
2017.10.05 – 1.0.31
– Empty User-Agent – WordPress protection
2017.08.26 – 1.0.30
– Core rules optimisation
2017.07.29 – 1.0.29
– User Agent – Visbot
2017.07.10 – 1.0.28
– Core rules optimisation
2017.06.20 – 1.0.27
– Remote Code Execution – Hidden wp_cookie Cookie (WordPress)
2017.05.18 – 1.0.26
– SQL Injection Vulnerability – Joomla 3.7 (core)
2017.03.13 – 1.0.25
– Remote File Download (WordPress Plugin – WP Power Stats)
2017.02.28 – 1.0.24
– SQL Injection Vulnerability – WordPress NextGEN Gallery
2017.02.21 – 1.0.23
– Magento ShopLift
2017.02.05 – 1.0.22
– Content Injection Vulnerability – WordPress 4.7.x (API)
2017.01.14 – 1.0.21
– Arbitrary File Upload Vulnerability – WordPress in Google Forms Plugin
2017.01.10 – 1.0.20
– Arbitrary File Upload Vulnerability – PageLines (WordPress theme)
2016.12.26 – 1.0.19
– Cookie – Remote File Download (WordPress Plugin – Backup & Restore Dropbox)
2016.12.24 – 1.0.18
– Remote Code Execution – WordPress Plugin Marketplace
2016.12.23 – 1.0.17
– Generic fixes
2016.12.22 – 1.0.16
– Arbitrary File Upload Vulnerability – WordPress in Cherry Plugin
2016.12.02 – 1.0.15
– PHP Command Shell (WSO) – Block WP.php to prevent execution
2016.11.29 – 1.0.14
– Arbitrary File Upload Vulnerability – Wpshop
– Arbitrary File Upload Vulnerability – Ultimate Product Catalogue
– Arbitrary File Upload Vulnerability – dzs-zoomsounds
2016.11.24 – 1.0.13
– ModX – ajaxSearchPopup.php Vulnerability
2016.11.06 – 1.0.12
– Arbitrary File Upload Vulnerability – WooCommerce Extra Fields
– Arbitrary File Upload Vulnerability – N-Media Post Front-end Form
– Arbitrary File Upload Vulnerability – WP Marketplace
2016.10.25 – 1.0.11
– 0-Day: Joomla Account Creation (CVE-2016-8870) / Elevated Privileges write-up (CVE-2016-8869)
2016.09.16 – 1.0.10
– 0-Day: cache-db.php
2016.09.16 – 1.0.9
– User Agent pattern added
2016.08.22 – 1.0.8
– Path traversal vulnerability in WordPress Core Ajax handlers (OVE-20160712-0036)
2016.08.17 – 1.0.7
– PHP__SESSION__PHP
2016.08.09 – 1.0.6
– Cookie – PHP eval
2016.08.06 – 1.0.5
– Generic fixes
2016.07.30 – 1.0.4
– phpMyAdmin – Insufficient output sanitizing when generating configuration file
2016.07.29 – 1.0.3
– Struts 2 Remote command execution (CVE-2013-2251)
2016.07.27 – 1.0.2
– OS command injection attack
2016.07.20 – 1.0.1
– httpoxy vulnerability protection

Public release

2016.07.01 – 1.0.0
– First public release (Malware Expert ModSecurity Rules)

Development started

2005.10.01
– Development started