Overview of the rules released by Trustwave SpiderLabs in March 2021 for the ModSecurity Commercial Rules package. The rules are available for versions 2.9.x and 3.x of ModSecurity.
ModSecurity Commercial Rules detect attacks or classes of attacks on web applications and their components as well as provide virtual patches for public vulnerabilities.
Release Summary
PHP User-Agentt backdoor RCE
WordPress Plugin Simple Membership <= 4.0.3 - Authenticated SQLi CVE-2021-29232
WordPress Plugin Virtual Robots.txt <= 1.9 - Stored Authenticated XSS CVE-2021-28121
WordPress Plugin wpDataTables < 3.4.2 - Blind SQLi via length Parameter CVE-2021-24200
WordPress Plugin wpDataTables < 3.4.2 - Blind SQLi via start Parameter CVE-2021-24199
WordPress Plugin wpDataTables < 3.4.1 - Unauthenticated SQLi CVE-2021-26754
WordPress Plugin Social Slider Widget < 1.8.5 - Authenticated Reflected XSS CVE-2021-24196
WordPress Plugin WP Hotel Booking <= 1.10.3 - Unauthenticated PHP Object Injection to RCE CVE-2020-29047
WordPress Plugin GiveWP < 2.10.0 - Reflected XSS CVE-2021-24213
WordPress Plugin WP Super Cache < 1.7.2 - Authenticated RCE
rConfig 3.9.6 Authenticated Arbitrary File Upload to RCE
WordPress Plugin Advanced Order Export For WooCommerce < 3.1.8 - Reflected XSS CVE-2021-24169
WordPress Plugin Flo Forms < 1.0.36 - Authenticated Options Change to Stored XSS
WordPress Plugin Five Star Restaurant Menu < 2.2.1 - Unauthenticated PHP Object Injection to RCE CVE-2020-29045
WordPress Plugin WP File Manager < 7.1 - Reflected XSS CVE-2021-24177
WordPress Plugin Photo Gallery by 10web < 1.5.69 - Reflected XSS
WordPress Plugin Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload to RCE CVE-2021-24155
WordPress Plugin NextGEN Gallery Pro < 3.1.11 - Reflected XSS
Joomla! Extension Matukio Events 7.0.5 - Stored XSS
WordPress Plugin SuperStoreFinder <= 6.3 - Unauthenticated SQLi
WordPress Plugin WP GDPR Compliance < 1.5.6 - Unauthenticated Stored XSS
VMware vCenter - Unauthenticated RCE CVE-2021-21972
How to Update
All the rules released this month are available for download and can be configured using the ModSecurity Dashboard. The rules are associated with the default profile and enabled for all licensed servers. To verify that the rules were successfully downloaded by ModSecurity, log in to the ModSecurity Dashboard and check the server's "Last seen" date, which indicates the last successful download for that server.