Security Resources

Software Updates

Web Application Security – ModSecurity Commercial Rules, Update for April 2021

Overview for rules released by Trustwave SpiderLabs in April for ModSecurity Commercial Rules package. The rules are available for versions 2.9.x and 3.x of ModSecurity.

ModSecurity Commercial Rules detect attacks or classes of attacks on web applications and their components as well as provide virtual patches for public vulnerabilities.

Release Summary

SEO Panel < 4.8.0 - Blind SQLi CVE-2021-28419
WordPress Plugin Business Directory Plugin < 5.11.1 - Authenticated PHP Upload to RCE CVE-2021-24248
WordPress Plugin Business Directory Plugin < 5.11 - Arbitrary File Upload to RCE CVE-2021-24179
WordPress Plugin Tutor LMS < 1.8.8 - Authenticated Local File Inclusion CVE-2021-24242
WordPress Plugin Facebook for WordPress 3.0.0-3.0.3 - CSRF to Stored XSS CVE-2021-24218
SonicWall Email Security 10.0.9.x - Directory Traversal to Arbitrary File Read CVE-2021-20023
Nagios XI <= 5.7.5 - Authenticated RCE CVE-2021-25298
Nagios XI <= 5.7.5 - Authenticated RCE CVE-2021-25297
Nagios XI <= 5.7.5 - Authenticated RCE CVE-2021-25296
WordPress Plugin WPBakery Page Builder Clipboard < 4.5.6 - Subscriber+ Stored XSS CVE-2021-24243
WordPress Plugin Photo Gallery by 10Web < 1.5.69 - Multiple Reflected XSS
WordPress Plugin Advanced Custom Field Pro < 5.9.1 - Reflected XSS CVE-2021-24241
WordPress Plugin Ivory Search < 4.6.1 - Reflected XSS CVE-2021-24234
WordPress Plugin The Plus Addons for Elementor Page Builder <= 4.1.5 - Authentication Bypass CVE-2021-24175
WordPress Plugin Quiz and Survey Master < 7.1.12 - Authenticated SQLi via shortcode CVE-2021-24221
WordPress Plugin Facebook for WordPress <  3.0.0 - PHP Object Injection with POP Chain RCE CVE-2021-24217


How to Update

All the rules released this month are available for download and can be configured using the ModSecurity Dashboard. The rules are associated with the default profile and enabled for all licensed servers. To verify the rules were successfully downloaded by ModSecurity, log in to the ModSecurity Dashboard and verify the server "Last seen" date, which indicates the last successful download for the specified server.