Overview for rules released by Trustwave SpiderLabs in April for ModSecurity Commercial Rules package. The rules are available for versions 2.9.x and 3.x of ModSecurity.
ModSecurity Commercial Rules detect attacks or classes of attacks on web applications and their components as well as provide virtual patches for public vulnerabilities.
WordPress Plugin Duplicate Page and Post < 2.5.7 SQLi
WordPress Plugin Support Ticket System by Phoeniix <= 2.7 Unauthenticated XSS
IBM Data Risk Manager < 2.0.4 Directory Traversal
IBM Data Risk Manager < 2.0.4 RCE
WordPress Plugin Responsive Poll <= 1.3.4 Authentication Bypass CVE-2020-11673
WordPress Plugin Media Library Assistant 2.81 Local File Inclusion CVE-2020-11732
Joomla! com_fabrik 3.9.11 Directory Traversal
* WordPress Plugin Rank Math SEO <= 22.214.171.124 REST Endpoint (strict) CVE-2020-11514
* WordPress Plugin Rank Math SEO <= 126.96.36.199 REST Endpoint SQLi CVE-2020-11514
* WordPress Plugin Rank Math SEO <= 188.8.131.52 REST Endpoint XSS CVE-2020-11514
* WordPress Plugin Rank Math SEO <= 184.108.40.206 REST Endpoint Privilege Escalation CVE-2020-11514
* NOTE: For WordPress Plugin Rank Math SEO vulnerability several versions of the rule were added. The “strict” version of the rule will provide full protection against this vulnerability but may also prevent some legitimate uses of the plugin. For customers for whom this is an issue, we have provided three rules that block several avenues of likely exploitation that should still provide decent protection, but full protection against attacks exploiting this CVE when using these instead of the strict version of the rule cannot be guaranteed due to the specifics of this vulnerability.
How to Update
All the rules released this month are available for download and can be configured using the ModSecurity Dashboard. The rules are associated with the default profile and enabled for all licensed servers. To verify the rules were successfully downloaded by ModSecurity, log in to the ModSecurity Dashboard and verify the server "Last seen" date, which indicates the last successful download for the specified server.