Overview for rules released by Trustwave SpiderLabs in May for ModSecurity Commercial Rules package. The rules are available for versions 2.9.x and 3.x of ModSecurity.
ModSecurity Commercial Rules detect attacks or classes of attacks on web applications and their components as well as provide virtual patches for public vulnerabilities.
WordPress Plugin WP Super Cache < 1.7.3 - Authenticated Stored XSS CVE-2021-24329
WordPress Plugin Instant Images WordPress Plugin < 188.8.131.52 - Authenticated Persistent XSS CVE-2021-24334
WordPress Plugin Database Backup for WordPress < 2.4 - Authenticated Persistent XSS CVE-2021-24322
Nagios XI <= 5.7.5 - Authenticated RCE CVE-2020-28648
WordPress Plugin Pick Plugins Slider for WooCommerce < 1.13.22 - Reflected XSS CVE-2021-24300
Microsoft HTTP Protocol Stack - RCE CVE-2021-31166
WordPress Plugin Contact Form by Supsystic < 1.7.15 - Reflected XSS CVE-2021-24276
WordPress Plugin Ultimate Maps by Supsystic < 1.2.5 - Reflected XSS CVE-2021-24274
WordPress Plugin Popup by Supsystic < 1.10.5 - Reflected XSS CVE-2021-24275
WordPress Plugin Autoptimize < 2.8.4 - Authenticated Stored XSS CVE-2021-24332
WordPress Plugin WP Statistics < 13.0.8 - Unauthenticated SQLi CVE-2021-24340
WordPress Plugin Give WP < 2.10.4 - Authenticated Stored XSS CVE-2021-24315
WordPress Plugin Redirection for Contact Form 7 < 2.3.4 - Authenticated PHP Object Injection to RCE CVE-2021-24280
WordPress Plugin WooCommerce < 5.2.0 - Authenticated Reflected XSS CVE-2021-24323
WordPress Plugin All 404 Redirect to Homepage < 2.21 - Authenticated Reflected XSS CVE-2021-24326
WordPress Plugin Download Manager < 3.1.19 - Authenticated (author+) PHP4 File Upload to RCE
WordPress Plugin Accordion < 2.2.30 - Authenticated Reflected XSS CVE-2021-24283
How to Update
All the rules released this month are available for download and can be configured using the ModSecurity Dashboard. The rules are associated with the default profile and enabled for all licensed servers. To verify the rules were successfully downloaded by ModSecurity, log in to the ModSecurity Dashboard and verify the server "Last seen" date, which indicates the last successful download for the specified server.