Overview for rules released by Trustwave SpiderLabs in December for ModSecurity Commercial Rules package. The rules are available for versions 2.9.x and 3.x of ModSecurity.
ModSecurity Commercial Rules detect attacks or classes of attacks on web applications and their components as well as provide virtual patches for public vulnerabilities.
WordPress Plugin InPost Gallery < 22.214.171.124 - Unauthenticated LFI to RCE CVE-2022-4063, '2500651 - WordPress Plugin Photo Gallery < 1.8.3 - Stored XSS via CSRF CVE-2022-4058
WordPress Plugin JoomSport < 5.2.8 - Unauthenticated SQLi CVE-2022-4050
WordPress Plugin JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload CVE-2022-4061
WordPress Plugin Booster for WooCommerce - Custom Role Creation/Deletion via CSRF CVE-2022-4016
WordPress Plugin Motors - Car Dealer, Classifieds & Listing < 1.4.4 - Arbitrary File Upload CVE-2022-3989
WordPress Plugin Directorist < 126.96.36.199 - Subscriber+ Arbitrary User Password Update via IDOR CVE-2022-3930
WordPress Plugin WP Memory < 2.46 - Subscriber+ Arbitrary Plugin Installation CVE-2022-3882
WordPress Plugin Essential Real Estate < 3.9.6 - Reflected Cross-Site-Scripting CVE-2022-3933
WordPress Plugin Flat PM <= 2.661 - Reflected Cross-Site Scripting CVE-2022-3934
WordPress Plugin Betheme < 26.6 - Contributor+ PHP Object Injection CVE-2022-3861
WordPress Plugin StopBadBots < 7.24 - Subscriber+ Arbitrary Plugin Installation CVE-2022-3883
WordPress Plugin User Registration < 188.8.131.52 - Subscriber+ Arbitrary File Upload CVE-2022-3912
WordPress Plugin Dokan < 3.7.6 - Unauthenticated SQLi CVE-2022-3915
WordPress Plugin WooSwipe WooCommerce Gallery <= 2.0.1 - Subscriber plus Settings Update CVE-2022-45066
How to Update
All the rules released this month are available for download and can be configured using the ModSecurity Dashboard. The rules are associated with the default profile and enabled for all licensed servers. To verify the rules were successfully downloaded by ModSecurity, log in to the ModSecurity Dashboard and verify the server "Last seen" date, which indicates the last successful download for the specified server.