system: Linux mars.sprixweb.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
# ---------------------------------------------------------------
# Comodo ModSecurity Rules
# Copyright (C) 2022 Comodo Security solutions All rights reserved.
#
# The COMODO SECURITY SOLUTIONS Mod Security Rule Set is distributed under
# THE COMODO SECURITY SOLUTIONS END USER LICENSE AGREEMENT,
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
# This is a FILE CONTAINING CHANGED or MODIFIED RULES FROM THE:
# OWASP ModSecurity Core Rule Set (CRS)
# ---------------------------------------------------------------
SecRule &TX:XSS_SQLi "@eq 0" \
"id:232320,msg:'COMODO WAF: Track same forbidden symbols to Ignore signature||%{tx.domain}|%{tx.mode}|2',phase:2,pass,nolog,t:none,skipAfter:'IGNORE_SFS_SIG_WPPlugin_XSS_SQLi',rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &TX:WordPress "@eq 0" \
"id:232990,msg:'COMODO WAF: Track unauthenticated request in WordPress plugin||%{tx.domain}|%{tx.mode}|2',phase:2,pass,nolog,t:none,skipAfter:'WPPlugin_Skip_URF_210460',rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule TX:WordPress "@eq 1" \
"id:210460,chain,msg:'COMODO WAF: XSS vulnerability in the pondol-formmail 1.1 For WordPress (CVE-2016-1000146)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith /pages/admin-mail-info.php" \
"chain,t:none,t:normalizePath,t:lowercase"
SecRule ARGS_GET:itemid "@rx \x22|<" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:210890,chain,msg:'COMODO WAF: XSS vulnerability in the Ultimate Instagram Feed plugin before 1.3 for WordPress (CVE-2017-16758)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq ultimate-instagram-feed.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:access_token "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:220550,chain,msg:'COMODO WAF: XSS vulnerability in the Download Manager plugin before 2.5.9 for WordPress (CVE-2013-7319)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:file[title] "@rx \x22|<" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:220660,chain,msg:'COMODO WAF: XSS vulnerability in the Responsive Logo Slideshow plugin for WordPress (CVE-2013-1759)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_BASENAME "@streq options.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:/^logo-img\d+$/|ARGS:/^logo-url\d+$/ "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:220720,chain,msg:'COMODO WAF: XSS vulnerability in the CommentLuv plugin before 2.92.4 for WordPress (CVE-2013-1409)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:_ajax_nonce "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:220870,chain,msg:'COMODO WAF: Multiple XSS vulnerabilities in the Thank You Counter Button plugin 1.8.7 for WordPress (CVE-2014-2315)||%{tx.domain}|%{tx.mode}|2',deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_BASENAME "@streq options.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/^thanks_/ "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:221060,chain,msg:'COMODO WAF: XSS vulnerability in the NextCellent Gallery plugin before 1.19.18 for WordPress (CVE-2014-3123)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:page "@contains manage-images" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:alttext "@rx \x22" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:221430,chain,msg:'COMODO WAF: XSS vulnerability in the Random Banner plugin 1.1.2.1 for WordPress (CVE-2014-4847)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:buffercode_RBanner_url_banner1 "@contains '" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_BASENAME "@streq options.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:221520,chain,msg:'COMODO WAF: XSS vulnerability in the WP Construction Mode plugin 1.8 for WordPress (CVE-2014-4854)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:wuc_logo "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:222030,chain,msg:'COMODO WAF: XSS vulnerability in the Compfight plugin 1.4 for WordPress (CVE-2014-5202)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith compfight-search.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:search-value "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:222110,chain,msg:'COMODO WAF: XSS vulnerability in Disqus Comment System plugin before 2.76 for WordPress (CVE-2014-5345)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith edit-comments.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:page "@streq disqus" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:step "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:226250,chain,msg:'COMODO WAF: XSS vulnerabilities in the WP Media Cleaner plugin 2.2.6 for WordPress (CVE-2015-2195)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains wp-media-cleaner" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:s|ARGS_GET:view|ARGS_GET:paged "@rx \x22|\x27" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:226271,chain,msg:'COMODO WAF: Multiple XSS vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress (CVE-2015-2218)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@pm wonderplugin_audio_save_item" \
"chain,t:none,t:urlDecodeUni"
SecRule ARGS_POST:item[name]|ARGS_POST:item[customcss] "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:226310,chain,msg:'COMODO WAF: XSS vulnerability in the FancyBox plugin for WordPress before 3.0.3 (CVE-2015-1494)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains fancybox-for-wordpress" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/mfbfw\[\w+\]/ "@pm < >" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:226320,chain,msg:'COMODO WAF: XSS vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress (CVE-2015-1582)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains spider_facebook_manage" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:asc_or_desc|ARGS_POST:page_number|ARGS_POST:order_by|ARGS_POST:serch_or_not|ARGS_POST:search_events_by_title "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:226321,chain,msg:'COMODO WAF: XSS vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress (CVE-2015-1582)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@pm selectpagesforfacebook selectpostsforfacebook" \
"chain,t:none"
SecRule ARGS_POST:asc_or_desc|ARGS_POST:page_number|ARGS_POST:order_by|ARGS_POST:serch_or_not|ARGS_POST:search_events_by_title "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:226330,chain,msg:'COMODO WAF: XSS vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress (CVE-2015-1879)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains gde-settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:profile "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:226340,chain,msg:'COMODO WAF: XSS vulnerability in the Contact Form DB plugin 2.8.26 for WordPress (CVE-2015-2040)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq cf7dbpluginsubmissions" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:submit_time "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:226350,chain,msg:'COMODO WAF: XSS vulnerability in the WooCommerce plugin before 2.2.11 (CVE-2015-2069)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wc-reports" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_NAMES "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:226360,chain,msg:'COMODO WAF: XSS vulnerability in the Ninja Forms plugin before 2.8.9 for WordPress (CVE-2015-2220)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@contains ninja_forms_ajax_submit" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/^ninja_forms_field_\d+$/ "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:226361,chain,msg:'COMODO WAF: XSS vulnerability in the Ninja Forms plugin before 2.8.9 for WordPress (CVE-2015-2220)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@streq post.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/fields\[\d+\]$/ "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:226370,chain,msg:'COMODO WAF: XSS vulnerability in the Banner Effect Header plugin before 1.2.8 for WordPress (CVE-2015-1384)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:6,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq bannereffectoptions" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:banner_effect_email|ARGS_POST:banner_effect_divid "@rx \x22" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:226540,chain,msg:'COMODO WAF: XSS vulnerability in the WP Slimstat plugin before 3.9.2 for WordPress (CVE-2015-1204)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains wp-slim-view" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:fs[resource] "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:226660,chain,msg:'COMODO WAF: SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress (CVE-2014-2839)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS:gdsr_search "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq gd-star-rating-stats" \
"chain,t:none,t:lowercase,t:urlDecodeUni"
SecRule ARGS:s "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:226700,chain,msg:'COMODO WAF: XSS vulnerability in the Unconfirmed plugin before 1.2.5 for WordPress (CVE-2014-100018)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:5,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith users.php" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:page "@contains unconfirmed" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:s "@rx \x22" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:226810,chain,msg:'COMODO WAF: XSS vulnerability in the Floating Social Bar plugin before 1.1.6 for WordPress (CVE-2015-5528)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq fsb_save_order" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:/^items\[\d+\]$/ "@rx \x22|'|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:226710,chain,msg:'COMODO WAF: XSS vulnerability in the Twitget plugin before 3.3.3 for WordPress (CVE-2014-2995)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq twitget/twitget.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:twitget_consumer_key|ARGS_POST:twitget_consumer_secret|ARGS_POST:twitget_user_token|ARGS_POST:twitget_user_secret "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:226920,chain,msg:'COMODO WAF: SQL injection vulnerabilities in the Easy2Map plugin before 1.2.5 for WordPress (CVE-2015-4614)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@contains save_map" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:mapName "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:226970,chain,msg:'COMODO WAF: XSS vulnerability in the qTranslate plugin 2.5.39 and earlier for WordPress (CVE-2015-5535)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq qtranslate" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:edit "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:227030,chain,msg:'COMODO WAF: XSS vulnerability in the Google Analytics by Yoast plugin before 5.1.3 for WordPress (CVE-2014-9174)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq yst_ga_settings" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:manual_ua_code_field "@rx \x22|<" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:227080,chain,msg:'COMODO WAF: XSS vulnerability in the Apptha WordPress Video Gallery(contus-video-gallery) plugin 2.5 for WordPress (CVE-2014-9098)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:page "@pm videos Playlists videoads" \
"chain,t:none"
SecRule ARGS_POST:videosearchQuery|ARGS_POST:PlaylistssearchQuery|ARGS_POST:videoadssearchQuery "@contains <" \
"t:none,t:urlDecodeUni,t:htmlEntitydecode"
SecRule TX:WordPress "@eq 1" \
"id:210140,chain,msg:'COMODO WAF: XSS vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress (CVE-2015-5481)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains gdbbpress_attachments" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:tab "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:227330,chain,msg:'COMODO WAF: XSS vulnerability in the Wordfence Security plugin before 5.1.4 for WordPress (CVE-2014-4664)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wordfencewhois" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:whoisval "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:227340,chain,msg:'COMODO WAF: XSS vulnerability in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress (CVE-2014-6315)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq addimages" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:callback|ARGS_GET:dir|ARGS_GET:extensions "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:227360,chain,msg:'COMODO WAF: XSS vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress (CVE-2014-6243)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq ewww-image-optimizer/ewww-image-optimizer.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:error "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:227380,chain,msg:'COMODO WAF: XSS vulnerability in the Social Connect plugin 1.0.4 and earlier for WordPress (CVE-2014-4551)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq social-connect-settings-group" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:social_connect_facebook_api_key|ARGS_POST:social_connect_facebook_secret_key|ARGS_POST:social_connect_twitter_consumer_key|ARGS_POST:social_connect_twitter_consumer_secret "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:227400,chain,msg:'COMODO WAF: XSS vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.16 for WordPress (CVE-2014-7139)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq CF7DBPluginShortCodeBuilder" \
"chain,t:none"
SecRule ARGS_GET:form|ARGS_GET:enc "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:227410,chain,msg:'COMODO WAF: XSS vulnerability in the Appointment Booking Calendar plugin before 1.1.8 for WordPress (CVE-2015-7320)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq cpabc_appointments" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:name|ARGS_GET:ics "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:227450,chain,msg:'COMODO WAF: XSS vulnerability in the Gallery - Photo Albums - Portfolio plugin 1.3.47 for WordPress (CVE-2015-7386)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:post_type "@streq easymediagallery" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:easmedia_meta[easmedia_metabox_title]|ARGS_POST:easmedia_meta[easmedia_metabox_sub_title] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:227470,chain,msg:'COMODO WAF: XSS vulnerability in the WooCommerce plugin before 2.2.3 for WordPress (CVE-2014-6313)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wc-reports" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:range "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:227480,chain,msg:'COMODO WAF: XSS vulnerability in the Contact Bank plugin before 2.0.20 for WordPress (CVE-2014-3841)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq add_contact_form_library" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:form_settings "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:227540,chain,msg:'COMODO WAF: XSS vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress (CVE-2014-2333)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq lazyest-gallery" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:lazyest-gallery[gallery_folder]|ARGS_POST:lazyest-gallery[thumb_folder]|ARGS_POST:lazyest-gallery[slide_folder]|ARGS_POST:lazyest-gallery[slide_show_duration]|ARGS_POST:lazyest-gallery[captions_length]|ARGS_POST:lazyest-gallery[fileupload_allowedtypes]|ARGS_POST:lazyest-gallery[excluded_folders_string]|ARGS_POST:lazyest-gallery[resample_quality]|ARGS_POST:lazyest-gallery[listed_as]|ARGS_POST:lazyest-gallery[captions_length] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:227680,chain,msg:'COMODO WAF: XSS vulnerabilities in Welcart plugin before 1.4.18 for WordPress (CVE-2015-2973)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains usces" \
"chain,t:none,t:lowercase"
SecRule ARGS:usces_referer "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:227800,chain,msg:'COMODO WAF: XSS vulnerability in the Custom Banners plugin 1.2.2.2 for WordPress (CVE-2014-4724)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq custom-banners-settings-group" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:custom_banners_custom_css|ARGS_POST:custom_banners_registered_name|ARGS_POST:custom_banners_registered_url|ARGS_POST:custom_banners_registered_key "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:227870,chain,msg:'COMODO WAF: XSS vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress (CVE-2014-1232)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq fv_wysiwyg" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:ImagesPath|ARGS_POST:FCKWidth|ARGS_POST:postmeta|ARGS_POST:bodyid|ARGS_POST:bodyclass|ARGS_POST:wysiwygstyles "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:227890,chain,msg:'COMODO WAF: XSS vulnerability in BuddyPress plugin before 1.9.2 for WordPress (CVE-2014-1888)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_URI "@contains groups/create/step/group-details" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_POST:group-name "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:227940,chain,msg:'COMODO WAF: XSS vulnerability in the church_admin plugin before 0.810 for WordPress (CVE-2015-4127)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains church_admin" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:address "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:227980,chain,msg:'COMODO WAF: XSS vulnerability in Another Wordpress Classifieds Plugin 3.3.1 (CVE-2014-10012)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq awpcp-listings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:action "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228050,chain,msg:'COMODO WAF: XSS vulnerability in the zM Ajax Login and Register plugin before 1.1.0 for WordPress (CVE-2015-4465)||%{tx.domain}|%{tx.mode}|2',deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:action "@streq load_template" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:template "@rx \x22|'|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228060,chain,msg:'COMODO WAF: XSS vulnerability in Free Counter plugin 1.1 for WordPress (CVE-2015-4084)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:id_counter "@gt 0" \
"chain,t:none"
SecRule ARGS_POST:action "@contains check_stat" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:value "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228100,chain,msg:'COMODO WAF: XSS vulnerability in the WordPress plugin connections v8.5.8 (CVE-2016-0770)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq connections_manage" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:s "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228110,chain,msg:'COMODO WAF: XSS vulnerabilities in Google Analyticator plugin before 6.4.9.6 for WordPress (CVE-2015-6238)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq google-analyticator" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:ga_admin_disable_DimentionIndex|ARGS_POST:ga_adsense|ARGS_POST:ga_downloads_prefix|ARGS_POST:ga_downloads|ARGS_POST:ga_outbound_prefix "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228210,chain,msg:'COMODO WAF: Multiple XSS vulnerabilities in Simple visitor stat plugin in 1.0 for WordPress (CVE-2014-9453)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@contains smpvstat" \
"chain,t:none,t:lowercase"
SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228270,chain,msg:'COMODO WAF: XSS vulnerability in the Tweet Blender plugin before 4.0.2 for WordPress (CVE-2013-6342)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq tweet-blender/admin-page.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:tb_tab_index "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228290,chain,msg:'COMODO WAF: XSS vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress (CVE-2013-6991)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp-cron-dashboard" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:procname "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228320,chain,msg:'COMODO WAF: XSS vulnerability in the BackWPup plugin before 3.0.13 for WordPress (CVE-2013-4626)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq backwpupeditjob" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:tab "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228330,chain,msg:'COMODO WAF: PHP code injection vulnerability in XCloner 3.1.2 and prior versions for WordPress (CVE-2015-4338)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq xcloner_show" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:lang[LM_FRONT_CHOOSE_PACKAGE] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:225060,chain,msg:'COMODO WAF: XSS vulnerability in the WP Photo Album Plus Plugin 5.0.2 for WordPress (CVE-2013-3254)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wppa_manage_comments" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:commentid "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228360,chain,msg:'COMODO WAF: XSS vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress (CVE-2013-6993)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq ad-minister" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:key "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228370,chain,msg:'COMODO WAF: XSS in the Collne Welcart e-Commerce plugin 1.8.2 for WordPress (CVE-2016-4827)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@pm usces_itemnew usces_itemedit" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:post_title "@contains <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:228410,chain,msg:'COMODO WAF: XSS in the Ultimate Member Plugin 1.3.28 For WordPress (CVE-2015-8354)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/users.php" \
"chain,t:none,t:normalizePath,t:lowercase"
SecRule ARGS_GET:update "@streq confirm_delete" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:_refer "@rx \x22" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:228420,chain,msg:'COMODO WAF: XSS in the Easy2Map plugin 1.2.9 For WordPress (CVE-2015-7668)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq easy2map" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:map_id "@rx \x22" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:228430,chain,msg:'COMODO WAF: XSS vulnerability in the Payment Form for PayPal Pro plugin 1.0.1 For WordPress (CVE-2015-7666)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq cp_ppp" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:cal "@contains <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:228440,chain,msg:'COMODO WAF: XSS vulnerability in the Calls to Action plugin version 2.4.3 For WordPress (CVE-2015-8350)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_COOKIES:post_type "@streq wp-call-to-action" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:wp-cta-variation-id|ARGS_GET:open-tab "@rx <|'" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:228450,chain,msg:'COMODO WAF: XSS in the Role Scoper plugin version 1.3.66 For WordPress (CVE-2015-8353)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq rs-object_role_edit" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:object_name "@contains <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:228460,chain,msg:'COMODO WAF: XSS vulnerability in the Twitget plugin before 3.3.3 for WordPress (CVE-2014-2559)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains twitget/twitget" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:twitget_consumer_key|ARGS_POST:twitget_consumer_secret|ARGS_POST:twitget_user_token|ARGS_POST:twitget_user_secret "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228470,chain,msg:'COMODO WAF: XSS vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress (CVE-2014-9129)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq cmdm_admin_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:addons_title "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228480,chain,msg:'COMODO WAF: XSS vulnerability in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress (CVE-2014-9525)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp-popup.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:sc_popup_title|ARGS_POST:sc_popup_subtitle|ARGS_POST:sc_popup_cta_url|ARGS_POST:sc_popup_cta_text|ARGS_POST:sc_popup_media_link|ARGS_POST:sc_popup_days|ARGS_POST:sc_popup_delay|ARGS_POST:sc_popup_color|ARGS_POST:sc_popup_width "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228490,chain,msg:'COMODO WAF: XSS vulnerability in the Sliding Social Icons plugin 1.61 for WordPress (CVE-2014-9437)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpbs_panel" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:action "@streq wpbs_save_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228500,chain,msg:'COMODO WAF: XSS vulnerability in the Simple Sticky Footer plugin before 1.3.3 for WordPress (CVE-2014-9454)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq simple-simple-sticky-footer" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:simple_sf_width|ARGS_POST:simple_sf_style "@rx \'|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228510,chain,msg:'COMODO WAF: XSS vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress (CVE-2014-2598)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq redirect-updates" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:quickppr_redirects[request][]|ARGS_POST:quickppr_redirects[destination][] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228520,chain,msg:'COMODO WAF: XSS vulnerability in the IP Ban (simple-ip-ban) plugin 1.2.3 for WordPress (CVE-2014-9413)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq simple-ip-ban" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:ip_list|ARGS_POST:user_agent_list|ARGS_POST:redirect_url "@rx <|\'" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228530,chain,msg:'COMODO WAF: XSS vulnerability in the WP-ViperGB plugin before 1.3.11 for WordPress (CVE-2014-9460)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp-vipergb" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:vgb_page|ARGS_POST:vgb_items_per_pg "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228540,chain,msg:'COMODO WAF: XSS vulnerability in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress (CVE-2014-9524)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq slug_for_fb_like_box" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:frm_title|ARGS_POST:frm_url|ARGS_POST:frm_border_color|ARGS_POST:frm_width|ARGS_POST:frm_height "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228560,chain,msg:'COMODO WAF: XSS vulnerability in the SimpleFlickr plugin 3.0.3 and earlier for WordPress (CVE-2014-9396)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq simpleflickr.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:simpleflickr_width|ARGS_POST:simpleflickr_height|ARGS_POST:simpleflickr_bgcolor|ARGS_POST:simpleflickr_xmldatapath "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228570,chain,msg:'COMODO WAF: XSS vulnerability in the Simple Share Buttons Adder plugin before 4.5 for WordPress (CVE-2014-4717)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq simple-share-buttons-adder" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:ssba_share_text|ARGS_POST:ssba_selected_buttons "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228580,chain,msg:'COMODO WAF: XSS vulnerability in the SPNbabble plugin 1.4.1 and earlier for WordPress (CVE-2014-9339)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq spnbabble.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:username|ARGS_POST:password|ARGS_POST:blogname|ARGS_POST:postprefix "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228590,chain,msg:'COMODO WAF: XSS vulnerability in the Contact Form Generator plugin 2.0.1 and earlier for WordPress (CVE-2015-6965)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq cfg_forms" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:holder "@pm forms templates" \
"chain,t:none"
SecRule ARGS_POST "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228600,chain,msg:'COMODO WAF: XSS vulnerability in the WP Smiley plugin 1.4.1 for WordPress (CVE-2015-4140)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq smilies4wp.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:s4w-more "@contains <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:228610,chain,msg:'COMODO WAF: XSS vulnerability in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress (CVE-2015-2755)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq ab_map_options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:lat|ARGS:long|ARGS:map_width|ARGS:map_height|ARGS:zoom "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228620,chain,msg:'COMODO WAF: XSS vulnerability in the CrossSlide jQuery plugin 2.0.5 for WordPress (CVE-2015-2089)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq thisismyurl_csj.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:csj_width|ARGS_POST:csj_height|ARGS_POST:csj_sleep|ARGS_POST:csj_fade|ARGS_POST:upload_image "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228630,chain,msg:'COMODO WAF: XSS vulnerability in the Acobot Live Chat and Contact Form plugin 2.0 for WordPress (CVE-2015-2039)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:page "@streq acobot" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:acobot_token "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228660,chain,msg:'COMODO WAF: XSS vulnerability in the Redirection Page plugin 1.2 for WordPress (CVE-2015-1580)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq redirection-page" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:source|ARGS_POST:redir "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228690,chain,msg:'COMODO WAF: XSS vulnerability in the Nofollow Links plugin before 1.0.11 For WordPress (CVE-2016-4833)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq link-nofollow" \
"chain,t:none,t:lowercase"
SecRule REQUEST_URI "@contains <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:228710,chain,msg:'COMODO WAF: Multiple XSS in the Welcome Announcement Plugin 1.0.5 For WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq wa_options" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:wa_opts[animation_name]|ARGS_POST:wa_opts[animation_width]|ARGS_POST:wa_opts[animation_height]|ARGS_POST:wa_opts[animation_bgcolor]|ARGS_POST:wa_opts[fade_in_duration]|ARGS_POST:wa_opts[animation_duration]|ARGS_POST:wa_opts[fade_out_duration]|ARGS_POST:wa_opts[veil_bgcolor]|ARGS_POST:wa_opts[veil_transparency]|ARGS_POST:wa_opts[cookie_name]|ARGS_POST:wa_opts[cookie_expiration] "@rx \x22" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:228740,chain,msg:'COMODO WAF: XSS vulnerability in the parsi-font 4.2.5 For WordPress (CVE-2016-1000142)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith css.php" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:size "@contains <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:228800,chain,msg:'COMODO WAF: XSS vulnerability in the tera-charts 1.0 For WordPress (CVE-2016-1000151)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@contains /charts/treemap.php" \
"chain,t:none,t:normalizePath,t:lowercase"
SecRule ARGS_GET:fn "@contains <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:228810,chain,msg:'COMODO WAF: XSS vulnerability in the infusionsoft 1.5.11 for WordPress (CVE-2016-1000139)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith /examples/leadscoring.php" \
"chain,t:none,t:normalizePath,t:lowercase"
SecRule ARGS_GET:ContactId "@rx \x22" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:228820,chain,msg:'COMODO WAF: XSS vulnerability in the photoxhibit v2.1.8 for WordPress (CVE-2016-1000143)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@pm px_manage px_build" \
"chain,t:none"
SecRule ARGS_GET:gid "@rx \x22|<" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:228880,chain,msg:'COMODO WAF: XSS vulnerability in the photoxhibit 2.1.8 for WordPress (CVE-2016-1000144)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith /common/inc/pages/edit_styles.php" \
"chain,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule ARGS_GET:gid "@rx \x22" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:228900,chain,msg:'COMODO WAF: XSS vulnerability in the whizz 1.0.7 for WordPress (CVE-2016-1000154)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith /plugins/delete-plugin.php" \
"chain,t:none,t:normalizePath,t:lowercase"
SecRule ARGS_GET:plugin "@rx \x22|<" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:229090,chain,msg:'COMODO WAF: XSS vulnerability in the WooCommerce plugin before 2.6.9 for WordPress (CVE-2016-10112)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq woocommerce_tax_rates_save_changes" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/postcode/ "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229120,chain,msg:'COMODO WAF: XSS in the WangGaurd Plugin before 1.7.3 For WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wangguard_users_info" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:userIP "@contains <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:229140,chain,msg:'COMODO WAF: XSS in WP Mail plugin before 1.2 for WordPress (CVE-2017-5942)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp_mail_compose" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:replyto "@rx \x22|<" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:229170,chain,msg:'COMODO WAF: XSS Vulnerability in Corner Ad plugin v1.0.7 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:corner_ad_edition_nonce "@ge 1" \
"chain,t:none"
SecRule ARGS_POST:corner_ad_name "@contains <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:229230,chain,msg:'COMODO WAF: XSS Vulnerability in rockhoist-badges v1.2.2 for WordPress (CVE-2017-6102)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:add-badge-posted "@ge 1" \
"chain,t:none"
SecRule ARGS_POST:badge-name|ARGS_POST:badge-desc "@contains <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:229280,chain,msg:'COMODO WAF: XSS vulnerability in Easy WP SMTP before 1.2.5 for WordPress (CVE-2017-7723)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq swpsmtp_settings" \
"chain,t:none,t:lowercase"
SecRule &ARGS_POST:swpsmtp_nonce_name "@ge 1" \
"chain,t:none"
SecRule ARGS_POST:swpsmtp_subject "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229281,chain,msg:'COMODO WAF: XSS vulnerability in Easy WP SMTP before 1.2.5 for WordPress (CVE-2017-7723)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq swpsmtp_settings" \
"chain,t:none,t:lowercase"
SecRule &ARGS_POST:swpsmtp_nonce_name "@ge 1" \
"chain,t:none"
SecRule ARGS_POST:swpsmtp_message "@contains </textarea" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@ge 1" \
"id:229300,chain,msg:'COMODO WAF: XSS vulnerability in YOP Poll versions prior to 5.8.1 (CVE-2017-2127)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:action "@streq yop_poll_add_edit_poll" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/yop_poll_question\[question_\d+\]\[question\]/ "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229320,chain,msg:'COMODO WAF: XSS vulnerability in Raygun4WP plugin 1.8.0 for WordPress (CVE-2017-9288)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@contains sendtesterror.php" \
"chain,t:none,t:lowercase"
SecRule &ARGS_GET:rg4wp_status "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:backurl "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229360,chain,msg:'COMODO WAF: XSS vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress (CVE-2014-9310)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq backup-to-dropbox-premium" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:title "@contains <" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith wp-admin/admin.php" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:229390,chain,msg:'COMODO WAF: XSS vulnerability in WP-Members prior to version 3.1.8 (CVE-2017-2222)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:activated "@contains <" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/users.php" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:229400,chain,msg:'COMODO WAF: XSS vulnerability in WP Statistics plugin through 12.0.9 for WordPress (CVE-2017-10991)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@contains /wp-admin/admin.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:page "@streq wps_referrers_page" \
"chain,t:none"
SecRule ARGS_GET:rangestart|ARGS_GET:rangeend "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229410,chain,msg:'COMODO WAF: XSS vulnerability in Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress (CVE-2017-12200)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:page "@streq upcp-options" \
"chain,t:none,t:lowercase,t:urlDecodeUni"
SecRule ARGS_POST:Catalogue_Name "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229490,chain,msg:'COMODO WAF: XSS vulnerability in Participants Database plugin before 1.7.5.10 for WordPress (CVE-2017-14126)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq participants-database_options" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_POST:participants-database_options[required_field_marker] "@contains </textarea" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:229500,chain,msg:'COMODO WAF: XSS vulnerability in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress (CVE-2015-9229)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq nggallery-manage-gallery" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:/images\[\d*?\]\[alttext\]/ "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229580,chain,msg:'COMODO WAF: XSS vulnerability in Anti-Malware Security and Brute-Force Firewall v. 4.17.29 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:GOTMLS_mt "@contains <" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:page "@within gotmls-settings gotmls-firewall-options gotmls-view-quarantine" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:229590,chain,msg:'COMODO WAF: XSS vulnerability in WooCommerce PDF Invoices & Packing Slips 2.0.9 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpo_wcpdf_options_page" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:tab "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229610,chain,msg:'COMODO WAF: XSS vulnerability in Crelly Slider v1.2.2 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq crellyslider" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:id "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229620,chain,msg:'COMODO WAF: XSS vulnerability in Booking Calendar for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpbc" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:view_mode "@streq vm_calendar" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:tab_cvm "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229630,chain,msg:'COMODO WAF: XSS vulnerability in Google Pagespeed Insights plugin v3.0.0 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq google-pagespeed-insights" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/tools.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:filter "@contains <" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:229650,chain,msg:'COMODO WAF: XSS vulnerability in 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress (CVE-2017-14622)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq kbamz" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:kbAction "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229760,chain,msg:'COMODO WAF: XSS vulnerability in PopCash.Net Code Integration Tool plugin for WordPress (CVE-2017-15810)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq popcash-net" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:tab "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229770,chain,msg:'COMODO WAF: XSS vulnerability in wp-noexternallinks plugin before 3.5.19 for WordPress (CVE-2017-15863)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp-noexternallinks/wp-noexternallinks-options.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:/^date/ "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229780,chain,msg:'COMODO WAF: XSS vulnerability in user-login-history plugin through 1.5.2 for WordPress (CVE-2017-15867)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq user-login-history" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:date_from|ARGS_GET:date_to|ARGS_GET:user_id|ARGS_GET:username|ARGS_GET:country_name|ARGS_GET:browser|ARGS_GET:operating_system|ARGS_GET:ip_address "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229790,chain,msg:'COMODO WAF: XSS vulnerability in the Pootle Button plugin before 1.2.0 for WordPress for WordPress (CVE-2017-15811)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq pbtn_dialog" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:assets_url "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229800,chain,msg:'COMODO WAF: XSS vulnerability in the Caldera Forms before 1.5.4 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq caldera-forms" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:edit "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229810,chain,msg:'COMODO WAF: XSS vulnerability in the AffiliateWp plugin before 2.0.9 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq affiliate-wp-referrals" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:filter_from "@rx \'" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229840,chain,msg:'COMODO WAF: XSS vulnerability in multiple BestWebSoft plugins for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq bws_panel" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:category "@rx \x22" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229880,chain,msg:'COMODO WAF: XSS vulnerability in custom-map plugin through 1.1 for WordPress (CVE-2017-17744)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@within custom_maps_advanced_settings custom_maps_edit" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:id|ARGS_GET:map_id "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229881,chain,msg:'COMODO WAF: XSS vulnerability in custom-map plugin through 1.1 for WordPress (CVE-2017-17744)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@beginsWith custom_maps_" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule MATCHED_VAR "@rx (?:settings|add_new|edit)$" \
"chain"
SecRule ARGS_POST "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229910,chain,msg:'COMODO WAF: XSS vulnerability in wp-concours plugin through 1.1 for WordPress (CVE-2017-17719)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq concours" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:result_message "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229920,chain,msg:'COMODO WAF: XSS vulnerability in Oturia Smart Google Code Inserter plugin before 3.5 for WordPress (CVE-2018-3810)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq smartcode" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:sgcgoogleanalytic|ARGS_POST:sgcwebtools "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229960,chain,msg:'COMODO WAF: XSS vulnerability in the Add Link to Facebook plugin through 2.3 for WordPress(CVE-2018-5214)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/profile.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_POST:al2fb_facebook_id "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229980,chain,msg:'COMODO WAF: XSS vulnerability in the Simple Download Monitor plugin before 3.5.4 for WordPress(CVE-2018-5213,CVE-2018-5212)||%{tx.domain}|%{tx.mode}|0',phase:2,deny,status:403,log,t:none,rev:1,severity:0,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/post.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_POST:sdm_upload|ARGS_POST:sdm_upload_thumbnail "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230080,chain,msg:'COMODO WAF: XSS vulnerability in Shibboleth plugin before 1.8 for WordPress (CVE-2017-14313)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq shibboleth-options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230090,chain,msg:'COMODO WAF: XSS vulnerability in Download-manager plugin before 2.9.52 for WordPress (CVE-2017-18032)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq wpdm_generate_password" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:id "@contains <" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:230140,chain,msg:'COMODO WAF: XSS vulnerability in Dark-mode plugin 1.66 for WordPress (CVE-2018-5651 and CVE-2018-5652)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:dark_mode_nonce "@ge 1" \
"chain,t:none"
SecRule REQUEST_BASENAME "@streq profile.php" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:dark_mode_start|ARGS_POST:dark_mode_end "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230180,chain,msg:'COMODO WAF: XSS vulnerability in wp-splashing-images-2.1.0 plugin for WordPress (CVE-2018-6194)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp-splashing" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@endsWith upload.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:search "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230190,chain,msg:'COMODO WAF: XSS vulnerability in UltimateMember plugin 2.0 for WordPress (CVE-2018-6943 and CVE-2018-6944)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:key "@ge 1" \
"chain,t:none"
SecRule &ARGS_POST:set_mode "@ge 1" \
"chain,t:none"
SecRule FILES "@contains <" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@rx core\/lib\/upload\/um-(?:image|file)-upload\.php$" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:230220,chain,msg:'COMODO WAF: XSS vulnerability in Bullet Proof Security plugin before 0.52.5 for WordPress (CVE-2015-9230)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:Submit-DB-Table-Prefix "@streq changedbtableprefix" \
"chain,t:none,t:urlDecodeUni,t:removeWhitespace,t:lowercase"
SecRule REQUEST_BASENAME "@endsWith admin.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:DBTablePrefix "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230240,chain,msg:'COMODO WAF: XSS vulnerability in Two-Factor Authentication - Clockwork SMS plugin 1.0.2 for wordpress (CVE-2017-17780)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq clockwork_test_message" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@endsWith admin.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:to "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230250,chain,msg:'COMODO WAF: XSS vulnerability in elevanssi plugin 4.0.4 for WordPress (CVE-2018-9034)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@endsWith relevanssi.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@endsWith options-general.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:tab "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230260,chain,msg:'COMODO WAF: XSS vulnerability in The Iptanus WordPress File Upload plugin before 4.3.4 for wordpress (CVE-2018-9844)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wordpress_file_upload" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@endsWith options-general.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:wfu_basedir "@rx <|\x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230270,chain,msg:'COMODO WAF: XSS vulnerability in WordPress Download Manager prior to version 2.9.50 for wordpress (CVE-2017-2216)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq wpdm_admin_upload_file" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule FILES "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230280,chain,msg:'COMODO WAF: XSS vulnerability in PixelYourSite plugin prior to version 5.3.0 for wordpress (CVE-2018-0578)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq pixel-your-site" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:pys[general][pixel_id] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230290,chain,msg:'COMODO WAF: XSS vulnerability in WP Live Chat Support plugin before 8.0.08 for wordpress (CVE-2018-11105)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_URI "@contains /wp-json/wp_live_chat_support/v1/start_chat" \
"chain,t:none,t:normalizePath,t:lowercase"
SecRule ARGS_POST:wplc_name|ARGS_POST:wplc_email "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230300,chain,msg:'COMODO WAF: XSS vulnerability in MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress (CVE-2018-11485)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:key "@beginsWith wc_order_" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_COOKIES:referral_site "@contains <" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_URI "@contains checkout/order-received/" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:230350,chain,msg:'COMODO WAF: XSS vulnerability in MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress (CVE-2018-11485)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith wp-admin/post.php" \
"chain,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule ARGS_POST:location_name|ARGS_POST:location_address|ARGS_POST:location_town "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230370,chain,msg:'COMODO WAF: XSS vulnerability in the User Profile & Membership plugin before 2.0.11 for WordPress (CVE-2018-10234)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq um_options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:um_options[delete_account_text] "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230380,chain,msg:'COMODO WAF: XSS vulnerability in the WP Statistics plugin 12.0.2-12.0.5 for WordPress (CVE-2018-1000556)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wps_pages_page" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:page-uri "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230390,chain,msg:'COMODO WAF: XSS vulnerability in Events Manager plugin prior to version 5.9 for WordPress (CVE-2018-0576)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq events-manager-options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:dbem_cp_events_slug|ARGS_POST:dbem_cp_locations_slug|ARGS_POST:dbem_taxonomy_category_slug|ARGS_POST:dbem_taxonomy_tag_slug "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230420,chain,msg:'COMODO WAF: SQL injection vulnerability in the MemberMouse plugin 2.2.8 and prior for WordPress (CVE-2018-11309)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:mm_action "@ge 1" \
"chain,t:none"
SecRule ARGS_POST:coupon_code "@contains '" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith admin-ajax.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:230430,chain,msg:'COMODO WAF: XSS vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress (CVE-2018-0579)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_GET:action "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:wd_fb_og_status|ARGS_GET:wd_fb_og_error "@contains <" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_BASENAME "@streq post.php" \
"t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:230440,chain,msg:'COMODO WAF: XSS vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress (CVE-2018-0577)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpgmp_view_overview" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:skin "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230450,chain,msg:'COMODO WAF: XSS vulnerability in Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress (CVE-2018-13832)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq aio-favicon_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:aio-favicon_settings[frontendICO-text]|ARGS_POST:aio-favicon_settings[frontendGIF-text]|ARGS_POST:aio-favicon_settings[frontendPNG-text]|ARGS_POST:aio-favicon_settings[frontendApple-text]|ARGS_POST:aio-favicon_settings[backendICO-text]|ARGS_POST:aio-favicon_settings[backendGIF-text]|ARGS_POST:aio-favicon_settings[backendPNG-text]|ARGS_POST:aio-favicon_settings[backendApple-text] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230480,chain,msg:'COMODO WAF: XSS vulnerability in Responsive Cookie Consent plugin before 1.8 for WordPress (CVE-2018-10309)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq rcc_settings_group" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:rcc_settings[message]|ARGS_POST:rcc_settings[accept]|ARGS_POST:rcc_settings[more-info]|ARGS_POST:rcc_settings[policy-url]|ARGS_POST:rcc_settings[font]|ARGS_POST:rcc_settings[width]|ARGS_POST:rcc_settings[max-width]|ARGS_POST:rcc_settings[padding]|ARGS_POST:rcc_settings[border-size] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230490,chain,msg:'COMODO WAF: XSS vulnerability in Multi Step Form plugin 1.2.5 for WordPress (CVE-2018-14846)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq fw_wizard_save" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:data[wizard][title]|ARGS_POST:/^data\[wizard]\[steps]/|ARGS_POST:/^data\[wizard]\[settings]/|!ARGS_POST:data[wizard][settings][headers] "@rx (?:\x22|<)" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230510,chain,msg:'COMODO WAF: XSS vulnerability in Geo Mashup plugin before 1.10.4 for WordPress (CVE-2018-14071)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq geo-mashup/geo-mashup.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230570,chain,msg:'COMODO WAF: XSS vulnerability in File Manager plugin V2.9 for WordPress (CVE-2018-16363)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp_file_manager" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:lang "@contains <" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_BASENAME "@streq admin.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:230590,chain,msg:'COMODO WAF: XSS vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 for WordPress (CVE-2018-0642)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq fvplayer" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:fv-email-export-screen "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230600,chain,msg:'COMODO WAF: XSS vulnerability in FV Flowplayer Video Player plugin 7.1.15.727 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq fvplayer" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/^popups\[\d+?\]\[name\]$/|ARGS_POST:/^email_lists\[\d+?\]\[title\]$/ "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230610,chain,msg:'COMODO WAF: XSS vulnerability in WPtouch plugin 4.3.28 for WordPress (CVE-2018-17417)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wptouch-admin-general-settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:wptouch__wptouch_pro__filtered_urls|ARGS_POST:wptouch__wptouch_pro__force_locale|ARGS_POST:wptouch__wptouch_pro__remove_shortcodes|ARGS_POST:wptouch__wptouch_pro__custom_user_agents|ARGS_POST:wptouch__wptouch_pro__site_title "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230620,chain,msg:'COMODO WAF: XSS vulnerability in FooGallery plugin through 1.4.31 for WordPress (CVE-2018-17308)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq foogallery" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:foogallery[language_images_count_single_text] "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230650,chain,msg:'COMODO WAF: XSS vulnerability in Wp-Insert 2.4.2 plugin for WordPress (CVE-2018-17991)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq wp_insert_trackingcodes_google_analytics_form_save_action" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:wp_insert_trackingcodes_analytics_code "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230660,chain,msg:'COMODO WAF: XSS vulnerability in Affiliates Manager plugin through 2.6.0 for WordPress (CVE-2018-17579)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpam-settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:txtMinimumPayout|ARGS_POST:txtCookieExpire|ARGS_POST:txtEmailName|ARGS_POST:txtEmailAddress|ARGS_POST:affBountyAmount|ARGS_POST:affCurrencySymbol|ARGS_POST:affCurrencyCode "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230680,chain,msg:'COMODO WAF: XSS vulnerability in Ultimate WordPress Auction plugin through 1.4.31 (CVE-2018-17576)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq payment" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:method "@within paypal wire_transfer mailing_address" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:wdm_paypal_address|ARGS_POST:wdm_wire_transfer|ARGS_POST:wdm_mailing_address "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230690,chain,msg:'COMODO WAF: SQLi and XSS vulnerability in Slideshow Gallery 1.6.8 plugin for WordPress (CVE-2018-18017, CVE-2018-18018 and CVE-2018-18019)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@beginsWith slideshow-" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:Slide[title]|ARGS_POST:Slide[image_url]|ARGS_POST:Gallery[id]|ARGS_POST:Gallery[title] "@rx (?:<|'|\x22)" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230700,chain,msg:'COMODO WAF: XSS vulnerability in Tribulant Slideshow Gallery 1.6.8 plugin for WordPress (CVE-2018-17946)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@beginsWith slideshow-" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:method|ARGS_GET:id|ARGS_GET:Gallerymessage|ARGS_GET:Galleryupdated|ARGS_GET:Galleryerror "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230710,chain,msg:'COMODO WAF: XSS vulnerability in LearnPress WordPress LMS Plugin through 3.0.12.1 (CVE-2018-17970, CVE-2018-17971)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq learn-press-settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:learn_press_profile_picture_thumbnail_size[width]|ARGS_POST:learn_press_profile_picture_thumbnail_size[height]|ARGS_POST:learn_press_course_thumbnail_image_size[width]|ARGS_POST:learn_press_course_thumbnail_image_size[height] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230720,chain,msg:'COMODO WAF: XSS vulerability in Affiliates Manager plugin 2.6.0 for WordPress (CVE-2018-17995)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpam-creatives" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:action "@within new edit" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:txtName|ARGS_POST:txtSlug|ARGS_POST:txtLinkText|ARGS_POST:txtAltText "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230730,chain,msg:'COMODO WAF: XSS vulnerability in Email Subscribers & Newsletters 3.5.13 for WordPress (CVE-2018-18063, CVE-2018-18076)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:es_form_submit "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@within es-settings es-tools" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:es_c_fromname|ARGS_POST:es_c_fromemail|ARGS_POST:es_c_toemail "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230740,chain,msg:'COMODO WAF: XSS vulnerability in Smart Slider3 plugin version 3.3.8 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq nextend" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:name "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230750,chain,msg:'COMODO WAF: XSS vulnerability in Smart Slider3 plugin version 3.3.8 for WordPress (CVE-2018-18302, CVE-2018-18303, CVE-2018-18304, CVE-2018-18305)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@beginsWith smart-slider" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:sliderTitle|ARGS_POST:slider[title]|ARGS_POST:slide[title] "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230770,chain,msg:'COMODO WAF: XSS vulnerability in Chamber Dashboard Business Directory plugin 3.0.2 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq cdash_plugin_options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST_NAMES "@beginsWith cdash_directory_options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230780,chain,msg:'COMODO WAF: XSS vulnerability in Ultimate Member - User Profile & Membership plugin 2.0.29 and before 2.0.28 for WordPress (CVE-2018-17866)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq um_options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST_NAMES "@beginsWith um_options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST|!ARGS:um_options[restricted_access_message]|!ARGS:um_options[welcome_email] "@rx \x22|\(|\'" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230800,chain,msg:'COMODO WAF: XSS vulnerability in Slimstat Analytics 4.7.8.3 plugin for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq slimconfig" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:options[date_format]|ARGS_POST:options[time_format]|ARGS_POST:options[ip_lookup_service]|ARGS_POST:options[mozcom_access_id]|ARGS_POST:options[mozcom_secret_key]|ARGS_POST:options[capability_can_view]|ARGS_POST:options[capability_can_customize]|ARGS_POST:options[capability_can_admin] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230810,chain,msg:'COMODO WAF: XSS vulnerability Schiocco Support Board - Chat And Help Desk plugin 1.2.3 for WordPress (CVE-2018-18373)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq sb_ajax_add_message" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:files "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230820,chain,msg:'COMODO WAF: XSS vulnerability in Unite Gallery Lite plugin 1.7.43 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq unitegallery_ajax_action" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:data[main][title]|ARGS_POST:data[title] "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230830,chain,msg:'COMODO WAF: XSS vulnerability in NextGEN Gallery plugin 3.0.16 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq ngg_other_options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:image_options[imgHeight]|ARGS_POST:image_options[imgWidth] "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230850,chain,msg:'COMODO WAF: XSS vulnerability in Appointments plugin 2.4.0 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq app_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST|!ARGS_POST:additional_css|!ARGS_POST:confirmation_message|!ARGS_POST:reminder_message|!ARGS_POST:removal_notification_message "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230860,chain,msg:'COMODO WAF: XSS vulnerability in WP Live Chat Support plugin 8.0.15 for WordPress (CVE-2018-18460)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wplivechat-menu-gdpr-page" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:term "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:241530,chain,msg:'COMODO WAF: XSS vulnerabilities in the XCloner plugin 3.1.2 for WordPress (CVE-2015-4337)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:option "@streq com_cloner" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:excl_manual "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:241531,chain,msg:'COMODO WAF: XSS vulnerabilities in the XCloner plugin 3.1.2 for WordPress (CVE-2015-4337)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq xcloner_show" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:excl_manual "@contains <" \
"t:none,t:urlDecodeUni"
SecRule &TX:WordPress "@eq 1" \
"id:244870,chain,msg:'COMODO WAF: XSS vulnerability in Event List plugin 0.7.9 for WordPress (CVE-2017-12068)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq el_admin_categories" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:/^slug\[/ "@rx (?:\x22|<)" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:221390,chain,msg:'COMODO WAF: RCE vulnerability in the File Gallery plugin before 1.7.9.2 for WordPress(CVE-2014-2558)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_BASENAME "@streq options.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/^file_gallery/ "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:222240,chain,msg:'COMODO WAF: XSS in the WP-Contact plugin 1.0 and earlier for WordPress (CVE-2014-4583)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@contains /forms/messages.php" \
"chain,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule ARGS_GET:edit|ARGS_GET:id|ARGS_GET:limit_start|ARGS_GET:order|ARGS_GET:order_direction "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:222250,chain,msg:'COMODO WAF: XSS vulnerability in the WP Consultant plugin 1.0 and earlier for WordPress (CVE-2014-4582)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_BASENAME "@streq admin_show_dialogs.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:dialog_id "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:222260,chain,msg:'COMODO WAF: XSS vulnerability in the WPCB plugin 2.4.8 and earlier for WordPress (CVE-2014-4581)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_BASENAME "@streq facture.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:id "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:222270,chain,msg:'COMODO WAF: XSS vulnerability in the HTML5 Video Player with Playlist plugin 2.4.0 and earlier for WordPress (CVE-2014-4534)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_BASENAME "@streq autoplay.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:playlistmod|ARGS_GET:theme "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:222290,chain,msg:'COMODO WAF: XSS vulnerability in the ToolPage plugin 1.6.1 and earlier for WordPress (CVE-2014-4560)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith /includes/gettipo.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:t "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:222300,chain,msg:'COMODO WAF: XSS vulnerability in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress (CVE-2014-4549)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:5,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith /pages/3dcomplete.php" \
"chain,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule ARGS_GET:MD|ARGS_GET:PARes "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:226450,chain,msg:'COMODO WAF: XSS vulnerability in Pixabay Images plugin before 2.4 for WordPress (CVE-2015-1366)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:pixabay_upload "@ge 1" \
"chain,t:none"
SecRule ARGS_POST:image_user "@rx (<|\x22)" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule TX:WordPress "@eq 1" \
"id:226510,chain,msg:'COMODO WAF: XSS vulnerability in the duwasai flashy theme 1.3 and earlier for WordPress (CVE-2015-0901)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq functions.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq themes.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:ga_id|ARGS_POST:notice_content "@contains </textarea>" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:226680,chain,msg:'COMODO WAF: SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress (CVE-2014-10013)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:5,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_GET:page_id "@ge 1" \
"chain,t:none"
SecRule ARGS:a "@streq dosearch" \
"chain,t:none,t:lowercase"
SecRule ARGS:keywordphrase "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:226750,chain,msg:'COMODO WAF: XSS vulnerability in Landing Pages plugin before 1.8.5 for WordPress (CVE-2015-4065)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:post_type "@streq inbound-forms" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:post "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:226870,chain,msg:'COMODO WAF: XSS vulnerability in the Job Manager plugin 0.7.22 and earlier for WordPress (CVE-2015-2321)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:jobman-apply "@ge 1" \
"chain,t:none"
SecRule ARGS_POST:/^jobman-field-/ "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228230,chain,msg:'COMODO WAF: XSS vulnerabilities in the WordPress plugin Comment-Attachment v1.0 (CVE-2013-6010)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq discussion" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:commentAttachment[commentAttachmentTitle] "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:228650,chain,msg:'COMODO WAF: XSS vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress (CVE-2015-2084)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains cnss_social_icon" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:image_file "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229420,chain,msg:'COMODO WAF: XSS vulnerability in Easy Testimonials plugin 3.0.4 for WordPress (CVE-2017-12131)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/options.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_POST:option_page "@streq easy-testimonials-display-settings-group" \
"chain,t:none,t:urlDecodeUni"
SecRule ARGS_POST:easy_t_excerpt_length|ARGS_POST:easy_t_excerpt_text|ARGS_POST:testimonials_link|ARGS_POST:easy_t_view_more_link_text|ARGS_POST:easy_t_width "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230870,chain,msg:'COMODO WAF: XSS vulnerability in VO Store Locator plugin 3.2.12 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq vosl_update_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:vosl_map_custom_center|ARGS_POST:search_box_placeholder_text "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230880,chain,msg:'COMODO WAF: XSS vulnerability in WP Native Articles plugin 1.5.3 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpna_transformers" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:name "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230890,chain,msg:'COMODO WAF: XSS vulnerability in Snazzy Maps plugin before 1.1.5 for WordPress (CVE-2018-17947)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq snazzy_maps" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:tab|ARGS_GET:text "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230900,chain,msg:'COMODO WAF: XSS vulnerability in Interactive World Map plugin 1.1 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@beginsWith free-world-continent-map-plugin" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/^name/|ARGS_POST:/^URL\[/|ARGS_POST:/^image\[/ "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230920,chain,msg:'COMODO WAF: XSS vulnerability in Simba Plugin Updates Manager 1.8.11 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq updraftmanager" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:name "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230930,chain,msg:'COMODO WAF: XSS vulnerability in Amazon Product in a Post Plugin 4.0.3.3 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq apipp_plugin_admin" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:apipp_amazon_publickey|ARGS_POST:apipp_amazon_secretkey "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230940,chain,msg:'COMODO WAF: XSS vulnerability in Simple Wishlists for Weddings, Birthdays etc Plugin 1.5.3 For WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST_NAMES "@beginswith wpgr_wishlist" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/^wpgr_wishlist\[\d+?\]\[gift_parts_total\]$/|ARGS_POST:/^wpgr_wishlist\[\d+?\]\[gift_parts_string\]$/|ARGS_POST:/^wpgr_wishlist\[\d+?\]\[gift_part_string\]$/ "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230950,chain,msg:'COMODO WAF: XSS vulnerability in WordPress Download Manager Plugin 2.9.82||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq wdm_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:__wpdm_chunk_size|ARGS_POST:_wpdm_recaptcha_site_key|ARGS_POST:_wpdm_recaptcha_secret_key "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230960,chain,msg:'COMODO WAF: XSS vulnerability in Ninja Forms plugin before 3.3.18 for WordPress (CVE-2018-19287)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:post_type "@streq nf_sub" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:form_id|ARGS_GET:begin_date|ARGS_GET:end_date "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232000,chain,msg:'COMODO WAF: XSS vulnerability in Another WordPress Classifieds Plugin 3.9.3||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page|ARGS_POST:action "@beginsWith awpcp" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:name|ARGS_POST:category_name "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232030,chain,msg:'COMODO WAF: XSS vulnerability in Opti MozJpeg Guetzli WebP plugin 1.16 for wordpress 3.9.3||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq wpmjgu_settins_section" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST|!ARGS_POST:wpmjgu_path_filter "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232060,chain,msg:'COMODO WAF: XSS vulnerability in Image Hover Effects plugin 4.7.6 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq la_save_caption_options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST|!ARGS_POST:/\[cap_desc\]/ "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232070,chain,msg:'COMODO WAF: XSS vulnerability in Image Photo Gallery Final Tiles Grid 3.3.52 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_GET:_fs_blog_admin "@eq 1" \
"chain,t:none"
SecRule ARGS_POST:ftg_name|ARGS_POST:ftg_width|ARGS_POST:ftg_loadedDuration "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232080,chain,msg:'COMODO WAF: XSS vulnerability in Easy Testimonials plugin 3.2 for WordPress (CVE-2018-19564)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:post_type "@streq testimonial" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:_ikcf_client|ARGS_POST:_ikcf_position|ARGS_POST:_ikcf_other|ARGS_POST:_ikcf_rating "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232100,chain,msg:'COMODO WAF: XSS vulnerability in Bookly - Online Booking and Scheduling Plugin 16.4 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq bookly_update_service" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:title "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232110,chain,msg:'COMODO WAF: XSS vulnerability in Arigato Autoresponder and News letter plugin 2.5.1.8 for WordPress (CVE-2018-1002006, CVE-2018-1002007)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq bft_integrate_contact" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:classes|ARGS_POST:html_id|ARGS_POST:cf7_name_field|ARGS_POST:cf7_email_field "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232120,chain,msg:'COMODO WAF: XSS vulnerability in Arigato Autoresponder and News letter plugin 2.5.1.8 for WordPress (CVE-2018-1002001, CVE-2018-1002002, CVE-2018-1002003, CVE-2018-1002004, CVE-2018-1002005, CVE-2018-1002008)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq bft_list" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232150,chain,msg:'COMODO WAF: XSS vulnerability in LifterLMS Plugin 3.25.4 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:post_type "@streq course" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:_llms_enrollment_start_date|ARGS_POST:_llms_enrollment_end_date|ARGS_POST:_llms_start_date|ARGS_POST:_llms_end_date|ARGS_POST:_llms_capacity "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232210,chain,msg:'COMODO WAF: XSS vulnerability in spam-byebye 2.2.1 plugin for WordPress (CVE-2018-16206)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq spam-byebye" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/^SB2_ENTRY_OBJECT\[/|ARGS_POST:/^SB2_SPAM_/|ARGS_POST:/^SB2_URIBL_HOSTS\[/|ARGS_POST:/^SB2_WHITE_LISTS\[/|ARGS_POST:SB2_RESULT "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232220,chain,msg:'COMODO WAF: XSS vulnerability in Unite Gallery Lite plugin 1.7.43 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:/^wprequal_lead/ "@ge 1" \
"chain,t:none"
SecRule ARGS_POST:wprequal_lead[fname]|ARGS_POST:wprequal_lead[lname]|ARGS_POST:wprequal_lead[email]|ARGS_POST:wprequal_lead[loan_amount]|ARGS_POST:wprequal_lead[agree_terms] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232230,chain,msg:'COMODO WAF: XSS vulnerability in User Registration plugin v1.5.3 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq add-new-registration" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:edit-registration "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232270,chain,msg:'COMODO WAF: XSS vulnerability in Hide Adsense Ads for specific countries plugin 1.5 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@beginsWith block-hide-adsense-ads-for-specific-countries" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:ssubmit|ARGS_POST:haa_category_hide "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232280,chain,msg:'COMODO WAF: XSS vulnerability in Contact Form Maker plugin v1.2.20 and below for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq themes_fmc" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:active_tab|ARGS_GET:pagination "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232400,chain,msg:'COMODO WAF: XSS vulnerability in Geo Mashup Options plugin 1.11.4 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq geo-mashup/geo-mashup.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:single_map[width]|ARGS_POST:single_map[height]|ARGS_POST:global_map[width]|ARGS_POST:global_map[height]|ARGS_POST:context_map[width]|ARGS_POST:context_map[height] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232410,chain,msg:'COMODO WAF: XSS vulnerability in wp-google-maps plugin before 7.10.43 for WordPress (CVE-2019-9912)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp-google-maps-menu" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_URI "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232420,chain,msg:'COMODO WAF: XSS vulnerability in LightGallery plugin 1.0.3 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq lightgallery" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"chain,t:none,t:lowercase,t:urlDecodeUni"
SecRule ARGS_POST "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232430,chain,msg:'COMODO WAF: XSS vulnerability in WP Product Gallery Lite plugin 1.0.4 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST_NAMES "@beginsWith wppg_option" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:wppg_option[wppg_post_excerpt] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232460,chain,msg:'COMODO WAF: XSS vulnerability in Blog2Social plugin v5.0.2 for Wordpress (CVE-2019-9576)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq blog2social-ship" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:b2s_update_publish_date "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232500,chain,msg:'COMODO WAF: XSS vulnerability in WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress (CVE-2019-7299)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@within wpsp_submit_ticket wpsp_set_edit_subject" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:subject "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232520,chain,msg:'COMODO WAF: XSS vulnerability in Event Geek plugin 2.5.2 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq gg_event_menu" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232540,chain,msg:'COMODO WAF: XSS vulnerability in Weblizar-pinterest-feeds plugin 1.1.1 for WordPress (CVE-2018-5653, CVE-2018-5654 and CVE-2018-5655)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq pffree_security" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:PFFREE_Access_Token|ARGS_POST:weblizar_pffree_settings_save_get-users|ARGS_POST:security "@rx \x22" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:232600,chain,msg:'COMODO WAF: XSS vulnerability in the Login Widget With Shortcode plugin before 3.2.1 for WordPress (CVE-2014-6312)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq options-general.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:custom_style_afo "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232610,chain,msg:'COMODO WAF: XSS vulnerability in Crony Cronjob Manager plugin before 0.4.7 for WordPress (CVE-2017-14530)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq crony" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:name "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232620,chain,msg:'COMODO WAF: XSS vulnerability in Responsive-coming-soon-page plugin 1.1.18 for WordPress (CVE-2018-5657, CVE-2018-5659, CVE-2018-5660, CVE-2018-5661, CVE-2018-5662, CVE-2018-5663, CVE-2018-5664, CVE-2018-5665 and CVE-2018-5666)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq rcsm-weblizar" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST|!ARGS_POST:coming-soon_message|!ARGS_POST:subscriber_form_message "@rx \x22" \
"chain,t:none,t:urlDecodeUni"
SecRule ARGS_POST_NAMES "@rx ^weblizar_rcsm_settings_save_(?:appearance|social|subscriber|counter_clock|footer)_option$" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:232630,chain,msg:'COMODO WAF: XSS vulnerability in Booking-calendar plugin 2.1.7 for WordPress (CVE-2018-5670, CVE-2018-5671 and CVE-2018-5672)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@beginsWith wpdevart-" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule MATCHED_VAR "@rx ^wpdevart-(?:forms|extras|themes)$" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/form\_field\d+?\[label\]/|ARGS_POST:/^extra\_field/|ARGS_POST:/^sale\_conditions\[count\]\[/|ARGS_POST:/^sale\_conditions\[percent\]\[/ "@rx (?:\'|<)" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232640,chain,msg:'COMODO WAF: XSS vulnerability in Weblizar-pinterest-feeds plugin 1.1.1 for WordPress (CVE-2018-5667 and CVE-2018-5668)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@beginsWith read-and-understood-menu-slug-" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:rnu_username_validation_pattern|ARGS_POST:rnu_username_validation_title|ARGS_POST:rnu_username "@rx (?:\x22|<)" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232660,chain,msg:'COMODO WAF: XSS vulnerability in ImageInject plugin 1.15 for WordPress (CVE-2018-5284)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpdf-options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:flickr_appid "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232670,chain,msg:'COMODO WAF: XSS vulnerability in WPGlobus plugin 1.9.6 for WordPress (CVE-2018-5362, CVE-2018-5363, CVE-2018-5364, CVE-2018-5365, CVE-2018-5366 and CVE-2018-5367)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq wpglobus_option_group" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST|!ARGS_POST:wpglobus_option[css_editor]|!ARGS_POST:wpglobus_option[js_editor] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232671,chain,msg:'COMODO WAF: XSS vulnerability in WPGlobus plugin 1.9.6 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpglobus_language_edit" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST "@rx (?:\x22|<)" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232680,chain,msg:'COMODO WAF: XSS vulnerability in SrbTransLatin plugin 1.46 for WordPress (CVE-2018-5369)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq srbtranslatoptions" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:lang_identificator|ARGS_POST:file_lang_delimiter "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232690,chain,msg:'COMODO WAF: XSS vulnerability in FlickrRSS plugin 5.3.1 for WordPress (CVE-2018-6466, CVE-2018-6468 and CVE-2018-6469)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq flickrrss-settingspage.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:flickrRSS_set|ARGS_POST:flickrRSS_id|ARGS_POST:flickrRSS_tags|ARGS_POST:flickrRSS_cache_uri|ARGS_POST:flickrRSS_cache_path "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232700,chain,msg:'COMODO WAF: XSS vulnerability in Metronet Tag Manager plugin version 1.2.7 for WordPress (CVE-2018-1000506)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq metronet-tag-manager" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:gtm-code-head|ARGS_POST:gtm-code "@contains <" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:232710,chain,msg:'COMODO WAF: XSS vulnerability in File Manager plugin 3.0 for WordPress (CVE-2018-16967)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp_file_manager_root" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:public_path "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232720,chain,msg:'COMODO WAF: XSS vulnerability in WP Fastest Cache 0.8.8.5 for WordPress (CVE-2018-17585)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpfastestcacheoptions" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:wpFastestCachePreload_number|ARGS_POST:wpFastestCacheLanguage "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232721,chain,msg:'COMODO WAF: XSS vulnerability in WP Fastest Cache 0.8.8.5 for WordPress (CVE-2018-17583, CVE-2018-17586)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@beginsWith wpfc_save_" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/^rules\[\d+?]\[content]$/ "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232740,chain,msg:'COMODO WAF: XSS Vulnerability in Improved user search in backend plugin before 1.2.5 (CVE-2014-5196)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@beginsWith improved-user-search-in-backend" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:iusib_meta_fields "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232830,chain,msg:'COMODO WAF: XSS vulnerability exists in Calendar plugin on or before 1.3.10 for WordPress (CVE-2018-18872)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@within calendar calendar-categories" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:category_name|ARGS_POST:event_title "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232860,chain,msg:'COMODO WAF: XSS vulnerability in Custom Field Suite plugin on or before 2.5.14 for WordPress (CVE-2019-11871)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:post_type "@streq cfs" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:/cfs\[fields\]\[\d+?\]\[label\]/|ARGS_POST:/cfs\[fields\]\[\d+?\]\[name\]/ "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232870,chain,msg:'COMODO WAF: XSS vulnerability in Contact People plugin 3.2.4 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq people-contact" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:c_avatar "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232900,chain,msg:'COMODO WAF: XSS vulnerability in Pie Register Plugin 3.1 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq pie-notifications" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:admin_sendto_email|ARGS_POST:admin_from_name|ARGS_POST:admin_subject_email "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232910,chain,msg:'COMODO WAF: social warfare plugin before 3.5.3 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq swp_store_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:settings[twitter_id]|ARGS_POST:settings[pinterest_id]|ARGS_POST:settings[facebook_publisher_url]|ARGS_POST:settings[facebook_app_id] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232930,chain,msg:'COMODO WAF: XSS vulnerability in MyThemeShop Launch v1.0.8 plugin for WordPress (CVE-2019-7411)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq wplauncher-settings-group" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST|!ARGS_POST:wplauncher_options[meta_description]|!ARGS_POST:wplauncher_options[custom_css]|!ARGS_POST:wplauncher_options[header_code]|!ARGS_POST:wplauncher_options[footer_code] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232940,chain,msg:'COMODO WAF: XSS vulnerability in Woocommerce plugin v3.5.3 for WordPress (CVE-2019-9168)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:changes[caption] "@contains <" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith wp-admin/admin-ajax.php" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:232950,chain,msg:'COMODO WAF: XSS vulnerability in Ape Gallery plugin 1.6.14 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:action "@Within save-attachment save-attachment-compat" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:changes[title]|ARGS_POST:/^attachments\[\d+\]\[wpape_gallery_effect\]$/ "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232960,chain,msg:'COMODO WAF: XSS vulnerability WP Google Maps plugin 7.11.17 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq wpgmza_settings_page_post" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:wpgmza_gdpr_company_name|ARGS_POST:wpgmza_gdpr_retention_purpose "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232970,chain,msg:'COMODO WAF: XSS vulnerability in StaffList plugin 2.6.2 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq stafflist_rename" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233050,chain,msg:'COMODO WAF: Multiple XSS vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress (CVE-2013-1407)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq events-manager-bookings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:_wpnonce "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233060,chain,msg:'COMODO WAF: XSS vulnerability in the Welcart e-Commerce plugin 1.3.12 for WordPress (CVE-2014-10016)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@contains shop_options_ajax" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:mode "@contains update_delivery_method" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:name "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233070,chain,msg:'COMODO WAF: Multiple XSS vulnerabilities in WpJobBoard v4.5.1 web-application for WordPress (CVE-2017-15375)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@within wpjb-job wpjb-application" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:query "@rx (?:\x22|<)" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233080,chain,msg:'COMODO WAF: XSS vulnerability in Gift Vouchers plugin 2.0.1 and before for WordPress (CVE-2018-16609)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq new-voucher-template" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@within admin.php edit.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:title "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233081,chain,msg:'COMODO WAF: XSS vulnerability in Gift Vouchers plugin 2.0.1 and before for WordPress (CVE-2018-16612)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:post_type "@streq wpgv_voucher_product" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq post.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:description "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233120,chain,msg:'COMODO WAF: XSS vulnerability in WordPress Download Manager Plugin 2.9.96 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq wpdm_save_email_setting" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233121,chain,msg:'COMODO WAF: XSS vulnerability in WordPress Download Manager Plugin 2.9.96 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq templates" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:post_type "@streq wpdmpro" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST|!ARGS_POST:email_template[message] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233122,chain,msg:'COMODO WAF: XSS vulnerability in WordPress Download Manager Plugin 2.9.96 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq wpdm_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST|!ARGS_POST:wpdm_login_msg|!ARGS_POST:wpdm_permission_msg|!ARGS_POST:__wpdm_blocked_ips_msg "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233190,chain,msg:'COMODO WAF: XSS vulnerability in Better File Download Plugin 1.0.9 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq better-file-download-display-settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233220,chain,msg:'COMODO WAF: XSS vulnerability in Modern Events Calendar Lite plugin 4.2.1 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:taxonomy "@within mec_label mec_organizer mec_location" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST|!ARGS_POST:description "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233230,chain,msg:'COMODO WAF: XSS vulnerability in Salon booking system plugin 3.30.4 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq salon-settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/^salon_settings\[style/ "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233250,chain,msg:'COMODO WAF: XSS vulnerability exists in Event Calendar WD Plugin v 1.1.21 or below For WordPress (CVE-2018-16164)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:data[wp_autosave][post_type] "@streq ecwd_event" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:data[wp_autosave][post_title] "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233260,chain,msg:'COMODO WAF: XSS vulnerability in Event Management Tickets Booking By Event Monster Plugin v 1.0.5 or below For WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST_NAMES "@beginswith em_" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:em_date_time_heading|ARGS_POST:em_logo_size|ARGS_POST:em_upload_image|ARGS_POST:em_organizer_heading|ARGS_POST:em_organizer_name[]|ARGS_POST:em_venue_email "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233290,chain,msg:'COMODO WAF: XSS vulnerability in Table Reservation plugin 3.3.1 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq tremtr-settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:tremtr-settings[date-format] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233310,chain,msg:'COMODO WAF: XSS vulnerability in WP Nearby Places Basic plugin 1.3 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq mynearbyplaces_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233320,chain,msg:'COMODO WAF: XSS vulnerability in CP Appointment Calendar Plugin v 1.1.27 or below For WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq dex-appointments-group" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST|!ARGS_POST:email_notification_to_admin|!ARGS_POST:email_confirmation_to_user "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233330,chain,msg:'COMODO WAF: XSS vulnerability in SP Project and Document Manager plugin 3.4.7 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@rx ^sp-client-document-manager(?:-projects)?$" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233340,chain,msg:'COMODO WAF: XSS vulnerability in WP Statistics plugin 12.6.5 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wps_tags_page" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:pretag "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233350,chain,msg:'COMODO WAF: XSS vulnerability in Bookings Plugin 6.0.4 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq bookings" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:action "@streq install" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST|!ARGS_POST:bookings_css "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233360,chain,msg:'COMODO WAF: XSS vulnerability in Cherry Real Estate Plugin v 1.1.6 or below For WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq cherry-re-options-main" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:cherry-re-options-main[currency-sign]|ARGS_POST:cherry-re-options-main[thousand-sep] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233370,chain,msg:'COMODO WAF: XSS vulnerability in Ultimate Profile Builder plugin v 3.1 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq ultimatepb_field" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:field_name|ARGS_POST:field_class|ARGS_POST:field_maxLenght "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233380,chain,msg:'COMODO WAF: XSS vulnerability in CP Contact Form With Paypal Plugin v 1.2.97 or below For WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq cp_contact_form_paypal.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:item "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233430,chain,msg:'COMODO WAF: XSS exists in MyBookTable Plugin of v3.2.2 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq mbt_help" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:mbt_video_tutorial "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233440,chain,msg:'COMODO WAF: XSS exists in Google Language Translator Plugin of v5.0.05 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq google_language_translator" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:googlelanguagetranslator_flags_order "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233460,chain,msg:'COMODO WAF: XSS exists in CF7 Invisible reCAPTCHA Plugin of v1.3.1 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq cf7-invisible-recaptcha" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:sitekey|ARGS_POST:secretkey|ARGS_POST:exclude "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233470,chain,msg:'COMODO WAF: XSS exists in Share this Image Plugin of v1.19 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq sti-options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:selector "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233490,chain,msg:'COMODO WAF: XSS exists in Podlove Subscribe button plugin of v 1.3.6 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq podlove-subscribe-button" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST|!ARGS_POST:podlove_button[description] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233500,chain,msg:'COMODO WAF: XSS exists in Birthdays Widget Plugin of v 1.7.18 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq birthdays-widget" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:birthdays_add_new|ARGS_POST:birthday_name|ARGS_POST:birthday_email|ARGS_POST:birthday_image "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233510,chain,msg:'COMODO WAF: XSS vulnerability in Rezgo Online Booking plugin 3.3.1 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq rezgo-settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233550,chain,msg:'COMODO WAF: XSS vulnerability in Meow Gallery plugin 3.4.7 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@beginsWith mgl_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233560,chain,msg:'COMODO WAF: XSS vulnerability in FuseDesk plugin 3.3 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq fusedesk" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:fusedesk_appname|ARGS_POST:fusedesk_apikey "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233570,chain,msg:'COMODO WAF: XSS vulnerability in Car Demon plugin 1.7.95 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq car_demon_settings_options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233650,chain,msg:'COMODO WAF: XSS exists in All-in-One WP Migration plugin of v 6.9.7 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq ai1wm_add_backup_label" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:backup_label "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233670,chain,msg:'COMODO WAF: XSS exists in Booqable Online Rental Shop plugin of v 2.3.1 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq booqable" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:booqable_company_name "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233680,chain,msg:'COMODO WAF: XSS vulnerability in WP Booking System plugin 1.5.4 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp-booking-system-settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233690,chain,msg:'COMODO WAF: XSS vulnerability in Folders Plugin 2.1.3 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@within wcp_add_new_folder wcp_update_folder" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:name "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233700,chain,msg:'COMODO WAF: XSS exists in Coming Soon Page and Maintenance Mode Plugin of v 1.8.0 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpsm_responsive_coming_soon" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:rcsp_logo_url|ARGS_POST:logo_width|ARGS_POST:logo_height|ARGS_POST:home_sec_link_txt "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233720,chain,msg:'COMODO WAF: XSS exists in Email Subscribers and Newsletters plugin of v 4.1.6 or before for WordPress (CVE-2019-14364)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq es_add_subscriber" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:esfpx_name "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233740,chain,msg:'COMODO WAF: XSS exists in WebAppick WooCommerce Product Feed Plugin of v 2.2.18 or before for WordPress (CVE-2019-1010124)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq woo_feed_manage_feed" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:link "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233760,chain,msg:'COMODO WAF: XSS exists in OneSignal - Web Push Notifications plugin of v 1.17.5 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq onesignal-push" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:subdomain "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233770,chain,msg:'COMODO WAF: XSS exists in WPS Limit Login plugin of v 1.4.5 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wps-limit-login" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:wps_limit_login_whitelist_ips "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233790,chain,msg:'COMODO WAF: XSS vulnerability in WP Media Category Management plugin 1.9.4 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@beginsWith wp_mcm_option_group" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233800,chain,msg:'COMODO WAF: XSS vulnerability in Book Appointment Online plugin v 1.29 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq book_oz_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:oz_default_email|ARGS_POST:oz_default_cur "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233810,chain,msg:'COMODO WAF: XSS vulnerability in wp Open Graph plugin 1.6.2 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp-open-graph" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST|!ARGS_POST:wpog_options[home_description]|!ARGS_POST:wpog_options[blog_description] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233820,chain,msg:'COMODO WAF: XSS vulnerability in Stylish Cost Calculator plugin v 3.0.5 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq sccsavefield" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:fieldname "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233880,chain,msg:'COMODO WAF: XSS vulnerability in Restaurant Reservations 1.5 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq nd_rst_settings_group" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/^nd_rst_/ "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233890,chain,msg:'COMODO WAF: XSS exists in Engage Forms Plugin of v 1.4.6 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq engage-form-create" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST|!ARGS_POST:/form_field\[/d+\]\[help-text\]/|!ARGS_POST:/form_field\[\d+\]\[placeholder\]/ "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233930,chain,msg:'COMODO WAF: XSS vulnerability in Gallery - Flagallery Photo Portfolio Plugin 5.3.3 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq flag-options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:galleryPath|ARGS_POST:imgQuality|ARGS_POST:albPerPage|ARGS_POST:license_key|ARGS_POST:access_key "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233940,chain,msg:'COMODO WAF: XSS vulnerability in Stripe Payments plugin 1.9.25 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq stripe-payments-coupons" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233950,chain,msg:'COMODO WAF: XSS vulnerability in Event Calendars plugin 1.0.4 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@pm eventcalendarts totalsoftevents" \
"chain,t:none,t:urlDecodeUni,t:removeWhitespace,t:lowercase"
SecRule ARGS_POST:TS_Cal_Ev_TName|ARGS_POST:Total_Soft_Cal_Ev_Name "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233960,chain,msg:'COMODO WAF: XSS vulnerability in Booking 2.5 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq nd_booking_settings_group" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/^nd_booking_/ "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233990,chain,msg:'COMODO WAF: XSS vulnerability exists Give Plugin of v 2.4.6 or below for WordPress (CVE-2019-15317)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq give-donors" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:donor_info[title]|ARGS_POST:donor_info[first_name]|ARGS_POST:donor_info[last_name] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234010,chain,msg:'COMODO WAF: XSS vulnerability exists in Variation Swatches Plugin of v 1.0.62 for WordPress (CVE-2019-14774)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq woo-variation-swatches-settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:tab "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234020,chain,msg:'COMODO WAF: XSS vulnerability exists Limb Gallery Plugin of v 1.4.0 for WordPress (CVE-2019-14790)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:grsAction "@streq shortcode" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:task "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234040,chain,msg:'COMODO WAF: XSS vulnerability exists in Book a Place Plugin v 0.7.1 or possibly below for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq book-a-place-schemes" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST|!ARGS_POST:scheme-description "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234041,chain,msg:'COMODO WAF: XSS vulnerability exists in Book a Place Plugin v 0.7.1 or possibly below for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq book-a-place-orders" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230550,chain,msg:'COMODO WAF: XSS vulerability in Import any XML or CSV File (WP All Import) plugin 3.4.9 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:5,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@within pmxi-admin-settings pmxi-admin-import" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:large_feed_limit|ARGS_POST:custom_type|ARGS_POST:xpath|ARGS_POST:title|ARGS_POST:custom_mapping_rules[]|ARGS_POST:unique_key|ARGS_POST:tmp_unique_key "@rx \x22|<" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_BASENAME "@streq admin.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:234050,chain,msg:'COMODO WAF: XSS vulnerability in wp-ultimate-recipe plugin before 3.12.7 for WordPress (CVE-2019-15836)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:post_type "@streq recipe" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:/^recipe_/|!ARGS_POST:recipe_video_embed|!ARGS_POST:recipe_notes|!ARGS_POST:recipe_video_thumb "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234100,chain,msg:'COMODO WAF: XSS vulnerability exists in Woo-variation-Gallery Plugin of v 1.1.28 or before for WordPress (CVE-2019-15778)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq gwp_deactivate_feedback" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:reason_text|ARGS_POST:version "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234110,chain,msg:'COMODO WAF: XSS vulnerability exists in Webp-express Plugin of v 0.14.8 or before for WordPress (CVE-2019-15837)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq webpexpress_settings_submit" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:whitelist "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234140,chain,msg:'COMODO WAF: XSS vulnerability in easy-property-listings plugin before 3.4 for WordPress (CVE-2019-15817)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq epl-contacts" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:post_title|ARGS_POST:post_content|ARGS_POST:title "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234141,chain,msg:'COMODO WAF: XSS vulnerability in easy-property-listings plugin before 3.4 for WordPress (CVE-2019-15817)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:post_type "@streq property" \
"chain,t:none,t:lowercase"
SecRule &ARGS_POST:/^epl_meta_box_ids\[/ "@ge 1" \
"chain,t:none"
SecRule ARGS_POST:property_heading|ARGS_POST:property_bedrooms "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234170,chain,msg:'COMODO WAF: XSS vulnerability exists in Import users from CSV with meta Plugin of v 1.14.0.3 or before for WordPress (CVE-2019-15328)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq acui" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:automattic_wordpress_email|ARGS_POST:template_id|ARGS_POST:email_template_attachment_id "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234180,chain,msg:'COMODO WAF: XSS vulnerability exists in Shapepress-dsgvo Plugin of v 2.2.19 or before for WordPress (CVE-2019-15777)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq admin-common-settings" \
"chain,t:none,t:lowercase,t:urlDecodeUni"
SecRule ARGS_POST:admin_email "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234190,chain,msg:'COMODO WAF: XSS vulnerability exists in 10Web Photo Gallery Plugin of v 1.5.35 or before for WordPress (CVE-2019-16118)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq options_bwg" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:built_in_watermark_text "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234200,chain,msg:'COMODO WAF: XSS vulnerability exists in insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress (CVE-2019-16289)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:post_type "@streq wbcr-snippets" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:winp_item "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234210,chain,msg:'COMODO WAF: XSS vulnerability exists in Easy FancyBox Plugin of v 1.8.17 or before for WordPress (CVE-2019-16524)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq media" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:fancybox_titleColor|ARGS_POST:fancybox_paddingColor "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234220,chain,msg:'COMODO WAF: XSS vulnerability exists in Quiz Tool Lite Plugin of v 2.3.13 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq ai-quiz-home" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:potName "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234300,chain,msg:'COMODO WAF: XSS vulnerability exists in SoundPress Plugin of v 2.2.6 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq save-widget" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/widget-wp_soundpress_plugin\[\d+\]\[sc_height\]/|ARGS_POST:/widget-wp_soundpress_plugin\[\d+\]\[soundcloud_url\]/ "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234310,chain,msg:'COMODO WAF: XSS vulnerability exists in WhatConverts Plugin of v 1.0.4 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq whatconverts" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:whatconverts_profile_id "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234390,chain,msg:'COMODO WAF: XSS vulnerability exists in RAYS Grid Plugin of v 1.2.0 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:taxonomy "@within category post_tag" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:tag-name "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234400,chain,msg:'COMODO WAF: XSS vulnerability in broken-link-checker plugin through 1.11.8 for WordPress (CVE-2019-16521 and CVE-2019-17207)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq view-broken-links" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:s_filter "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234410,chain,msg:'COMODO WAF: XSS vulnerability in eu-cookie-law plugin through 3.0.6 for WordPress (CVE-2019-16522)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq peadig_eucookie_options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:peadig_eucookie[backgroundcolor]|ARGS_POST:peadig_eucookie[fontcolor]|ARGS_POST:peadig_eucookie[cc-disablecookie] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234430,chain,msg:'COMODO WAF: XSS vulnerability in animate-it plugin before 2.3.6 for WordPress (CVE-2019-17386)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq animate-it/edsanimate.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:eds_scroll_offset "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234450,chain,msg:'COMODO WAF: XSS vulnerability exists in Sliced Invoices Plugin of v 3.8.2 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq duplicate_quote_invoice" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:post "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234460,chain,msg:'COMODO WAF: XSS vulnerability exists in Zoho-crm-forms Plugin of v 1.6.9.1 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq create-leadform-builder" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:module|ARGS_GET:EditShortcode|ARGS_GET:LayoutName "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234470,chain,msg:'COMODO WAF: XSS vulnerability exists in All In One SEO Pack Plugin of v 3.2.6 or before for WordPress (CVE-2019-16520)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq editpost" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:aiosp_title "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234480,chain,msg:'COMODO WAF: XSS vulnerability exists in 10Web Photo Gallery Plugin of v 1.5.35 or before for WordPress (CVE-2019-16117)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq galleries_bwg" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/^image_alt_text_/ "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234530,chain,msg:'COMODO WAF: XSS vulnerability exists in RAYS Grid Plugin of v 1.2.0 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq raysgrid" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:rsgd_type_name "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234550,chain,msg:'COMODO WAF: XSS vulnerability in Custom 404 Pro plugin 3.2.8 for WordPress (CVE-2019-14789)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq c4p-main" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:c4pmessage|ARGS_POST:c4pmessageType|ARGS_POST:page "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233210,chain,msg:'COMODO WAF: XSS vulnerability in File Manager plugin 5.1.5 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq file-manager-settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:root_folder_path|ARGS_POST:root_folder_url "@contains '" \
"t:none,t:urlDecodeUni"
SecMarker WPPlugin_Skip_URF_210460
SecRule REQUEST_FILENAME "@contains videowhisper-live-streaming-integration" \
"id:220840,chain,msg:'COMODO WAF: Multiple XSS vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress (CVE-2014-1906)||%{tx.domain}|%{tx.mode}|2',deny,status:403,log,t:none,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule MATCHED_VAR "@rx integration\/ls\/(?:channel|htmlchat|lb_logout|lb_status|video|videotext|vc_chatlog|v_status)\.php" \
"chain,t:none,t:lowercase,t:urlDecodeUni,t:normalizePath"
SecRule ARGS_GET:message|ARGS_GET:n|ARGS_POST:ct|ARGS_POST:m|ARGS_POST:msg "@contains <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule ARGS_POST:styleShortName "@rx \x22" \
"id:221180,chain,msg:'COMODO WAF: DoS vulnerability in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7 and 10.0 before p4 (CVE-2014-3870)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:htmlEntityDecode,t:urlDecodeUni,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@streq wp-content/plugins/bib2html/OSBiB/create/index.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:EMAIL|ARGS:MESSAGE|ARGS:NAME "@rx \x22" \
"id:221230,chain,msg:'COMODO WAF: XSS vulnerabilities in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress (CVE-2014-4513)||%{tx.domain}|%{tx.mode}|2',deny,status:403,log,t:none,t:urlDecodeUni,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@contains /wp-content/plugins/activehelper-livehelp/server/offline.php" \
"t:none,t:urlDecodeUni,t:lowercase,t:normalizePath"
SecRule ARGS_GET:text "@rx \x22" \
"id:221240,chain,msg:'COMODO WAF: XSS vulnerability in the AnyFont plugin 2.2.3 and earlier for WordPress (CVE-2014-4515)||%{tx.domain}|%{tx.mode}|2',deny,status:403,log,t:none,t:urlDecodeUni,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@contains wp-content/plugins/anyfont/mce_anyfont/dialog.php" \
"t:none,t:urlDecodeUni,t:lowercase,t:normalizePath"
SecRule REQUEST_FILENAME "@endsWith admin/swarm-settings.php" \
"id:221370,chain,msg:'COMODO WAF: XSS vulnerabilities in the Bugs Go Viral : Facebook Promotion Generator plugin 1.3.4 and earlier for WordPress (CVE-2014-4528)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecode,t:lowercase,t:htmlEntityDecode,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:fb_edit_action|ARGS_GET:promo_id|ARGS_GET:promo_type "@contains >" \
"t:htmlEntityDecode"
SecRule &ARGS_GET:event "@gt 0" \
"id:221380,chain,msg:'COMODO WAF: Multiple XSS vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress (CVE-2013-1407)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecode,t:lowercase,t:htmlEntityDecode,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:dbem_phone|ARGS_GET:user_email|ARGS_GET:user_name "@contains >" \
"t:none,t:htmlEntityDecode"
SecRule &ARGS_GET:event "@gt 0" \
"id:221381,chain,msg:'COMODO WAF: Multiple XSS vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress (CVE-2013-1407)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecode,t:lowercase,t:htmlEntityDecode,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:booking_comment "@contains >" \
"t:none,t:htmlEntityDecode"
SecRule &ARGS_GET:page_id "@ge 1" \
"id:221383,chain,msg:'COMODO WAF: Multiple XSS vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress (CVE-2013-1407)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:5,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:scope "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith popup.php" \
"id:221410,chain,msg:'COMODO WAF: XSS vulnerability in the Simple Popup Images plugin for WordPress (CVE-2014-3921)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:z "@rx \x22"
SecRule REQUEST_FILENAME "@contains wp-content/plugins/garagesale/templates/printAdminUsersList_Footer.tpl.php" \
"id:221510,chain,msg:'COMODO WAF: XSS vulnerability in the GarageSale plugin before 1.2.3 for WordPress (CVE-2014-4532)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@rx \x22"
SecRule REQUEST_FILENAME "@endsWith r_logout.php" \
"id:221580,chain,msg:'COMODO WAF: XSS vulnerability in the Video Posts Webcam Recorder plugin 1.55.4 and earlier for WordPress (CVE-2014-4568)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalizePath,t:removeWhitespace,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:message "@pm ' <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule ARGS_GET:hid_id "@contains >" \
"id:221660,chain,msg:'COMODO WAF: XSS vulnerability in the GEO Redirector plugin 1.0.1 and earlier for WordPress (CVE-2014-4533)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@contains /wp-content/plugins/geo-redirector/ajax_functions.php" \
"t:none,t:urlDecodeUni,t:lowercase,t:htmlEntityDecode,t:normalizePath,multiMatch"
SecRule ARGS_GET:paymentType "@rx \x22>" \
"id:221670,chain,msg:'COMODO WAF: XSS vulnerability in the Spotlight plugin 4.7 and earlier for WordPress (CVE-2014-4552)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@contains library/includes/payment/paypalexpress/dodirectpayment.php" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalizePath,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith templates/download.php" \
"id:221680,chain,msg:'COMODO WAF: XSS vulnerability in the SS Downloads plugin before 1.5 for WordPress (CVE-2014-4554)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:removeWhitespace,t:htmlEntityDecode,t:lowercase,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:title "@contains >" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith font-form.php" \
"id:221690,chain,msg:'COMODO WAF: XSS vulnerability in the Style It plugin 1.0 and earlier for WordPress (CVE-2014-4555)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:removeWhitespace,t:htmlEntityDecode,t:lowercase,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:mode "@rx \x22" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
SecRule REQUEST_FILENAME "@contains /url-cloak-encrypt/go.php" \
"id:221720,chain,msg:'COMODO WAF: XSS vulnerability in go.php in the URL Cloak & Encrypt (url-cloak-encrypt) plugin 2.0 and earlier for WordPress (CVE-2014-4563)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,t:htmlEntityDecode,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:url "@rx \x22"
SecRule REQUEST_FILENAME "@contains /wp-content/plugins/validated/check.php" \
"id:221730,chain,msg:'COMODO WAF: XSS vulnerability in the Validated plugin 1.0.2 and earlier for WordPress (CVE-2014-4564)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,t:htmlEntityDecode,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:slug "@contains >"
SecRule REQUEST_FILENAME "@contains vcc.js.php" \
"id:221740,chain,msg:'COMODO WAF: XSS vulnerabilities in the Verification Code for Comments plugin 2.1.0 and earlier for WordPress (CVE-2014-4565)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,t:htmlEntityDecode,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:l|ARGS_GET:vm|ARGS_GET:vp|ARGS_GET:vs|ARGS_GET:vu "@contains >"
SecRule REQUEST_FILENAME "@contains res/fake_twitter/frame.php" \
"id:221750,chain,msg:'COMODO WAF: XSS vulnerability in the verwei.se-WordPress-Twitter plugin 1.0.2 and earlier for WordPress (CVE-2014-4566)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,t:htmlEntityDecode,multiMatch,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:base "@rx \x22"
SecRule REQUEST_FILENAME "@endsWith wp-content/plugins/wp-responsive-preview/index.php" \
"id:221760,chain,msg:'COMODO WAF: XSS vulnerability in the WordPress Responsive Preview plugin before 1.2 for WordPress (CVE-2014-4594)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:normalizePath,t:removeWhitespace,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:url "@rx \x22" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule REQUEST_FILENAME "@contains js/button-snapapp.php" \
"id:221780,chain,msg:'COMODO WAF: XSS vulnerabilities in the SnapApp plugin 1.5 and earlier for WordPress (CVE-2014-4596)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,t:htmlEntityDecode,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:act|ARGS_GET:msg "@contains >" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule REQUEST_FILENAME "@endsWith js/window.php" \
"id:221840,chain,msg:'COMODO WAF: XSS vulnerability in the Wikipop plugin 2.0 and earlier for WordPress (CVE-2014-4575)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,t:removeWhitespace,t:htmlEntityDecode,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:s "@rx \x22|>" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith editFacility.php" \
"id:221850,chain,msg:'COMODO WAF: XSS vulnerability in the wp-easybooking plugin 1.0.3 and earlier for WordPress (CVE-2014-4584)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,t:removeWhitespace,t:htmlEntityDecode,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:fID "@contains >" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
SecRule REQUEST_FILENAME "@contains wp-facethumb/index.php" \
"id:221860,chain,msg:'COMODO WAF: XSS vulnerability in the WP-FaceThumb plugin 1.0 and earlier for WordPress (CVE-2014-4585)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,t:removeWhitespace,t:htmlEntityDecode,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:ajax_url "@contains >" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
SecRule REQUEST_FILENAME "@pm guest-locator.php online-tracker.php stats-map.php weather-map.php" \
"id:221870,chain,msg:'COMODO WAF: Multiple XSS vulnerabilities in the WP GuestMap plugin 1.8 and earlier for WordPress (CVE-2014-4587)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,t:removeWhitespace,t:htmlEntityDecode,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:dc|ARGS_GET:mt|ARGS_GET:zl "@contains >" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith settings/pwsettings.php" \
"id:221880,chain,msg:'COMODO WAF: XSS vulnerability in the Your Text Manager plugin 0.3.0 and earlier for WordPress (CVE-2014-4604)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,t:removeWhitespace,t:htmlEntityDecode,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:ytmpw "@contains >" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
SecRule REQUEST_FILENAME "@contains captcha-secureimage/test/index.php" \
"id:221950,chain,msg:'COMODO WAF: XSS vulnerability in the SI CAPTCHA Anti-Spam plugin 2.7.4 for WordPress (CVE-2014-5190)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,t:removeWhitespace,t:htmlEntityDecode,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_URI "@rx \x22" \
"t:none,t:urlDecodeUni,t:removeWhitespace,t:htmlEntityDecode"
SecRule REQUEST_FILENAME "@contains custom-image/media.php" \
"id:222080,chain,msg:'COMODO WAF: XSS vulnerability in WP Easy Post Types plugin before 1.4.4 for WordPress (CVE-2014-4524)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:ref "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@contains callback.php" \
"id:222090,chain,msg:'COMODO WAF: XSS vulnerability in efence plugin 1.3.2 and earlier for WordPress (CVE-2014-4526)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:message|ARGS_GET:privKey|ARGS_GET:pubKey|ARGS_GET:zoneid "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@contains paginas/vista-previa-form.php" \
"id:222100,chain,msg:'COMODO WAF: XSS vulnerability in the EnvialoSimple: Email Marketing and Newsletters plugin before 1.98 for WordPress (CVE-2014-4527)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:AdministratorID|ARGS_GET:FormID "@contains <" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith xencarousel-admin.js.php" \
"id:222170,chain,msg:'COMODO WAF: XSS vulnerability in XEN Carousel plugin 0.12.2 and earlier for WordPress (CVE-2014-4602)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:removeWhitespace,t:lowercase,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:ajaxpath|ARGS_GET:path "@contains <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode,multiMatch"
SecRule REQUEST_FILENAME "@endsWith wp-plugins-net/index.php" \
"id:222190,chain,msg:'COMODO WAF: XSS vulnerability in the WP Plugin Manager (wppm) plugin 1.6.4.b and earlier for WordPress (CVE-2014-4593)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:filter "@contains <" \
"t:none,t:urlDecodeUni,multiMatch"
SecRule REQUEST_FILENAME "@endsWith book_ajax.php" \
"id:226010,chain,msg:'COMODO WAF: XSS vulnerability in book_ajax.php in the Rezgo plugin 1.4.2 and earlier for WordPress (CVE-2014-4546)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:response "@contains '" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith wp-admin/admin-ajax.php" \
"id:226030,chain,msg:'COMODO WAF: XSS vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress (CVE-2014-7152)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq yks_mailchimp_form" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:form_action "@streq update_options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:form_data "@contains '" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith includes/toadmin.php" \
"id:226080,chain,msg:'COMODO WAF: XSS vulnerability in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress (CVE-2014-6445)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,multiMatch,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS:uC "@ge 1" \
"chain"
SecRule &ARGS:uE "@ge 1" \
"chain"
SecRule ARGS:uC|ARGS:uE "@contains <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode,multiMatch"
SecRule REQUEST_FILENAME "@endsWith bvc.php" \
"id:226090,chain,msg:'COMODO WAF: XSS vulnerability in the Votecount for Balatarin plugin 0.1.1 and earlier for WordPress (CVE-2014-4572)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,multiMatch,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:url|ARGS_GET:bvcurl "@rx (?:>|<)" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode,multiMatch"
SecRule REQUEST_FILENAME "@pm c_login.php vp/index.php" \
"id:226100,chain,msg:'COMODO WAF: Multiple XSS vulnerabilities in the VideoWhisper Video Presentation plugin before 3.31 for WordPress (CVE-2014-4570)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:room_name|ARGS_GET:room "@pm < >" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith vv_login.php" \
"id:226110,chain,msg:'COMODO WAF: XSS in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress (CVE-2014-4569)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:room_name "@pm < >" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith pq_dialog.php" \
"id:226120,chain,msg:'COMODO WAF: Multiple XSS vulnerabilities in pq_dialog.php in the Pro Quoter plugin 1.0 and earlier for WordPress (CVE-2014-4545)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:leftorright|ARGS_GET:author "@rx \x22|'" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@contains wp-content/plugins/wp-ttisbdir/forms/search.php" \
"id:226140,chain,msg:'COMODO WAF: Multiple XSS vulnerabilities in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and earlier for WordPress (CVE-2014-4599)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:edit|ARGS:search_term|ARGS:page_id|ARGS:page|ARGS:page_links "@pm < >" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith js/test.php" \
"id:226160,chain,msg:'COMODO WAF: XSS vulnerability in the Appointments Scheduler plugin 1.5 and earlier for WordPress (CVE-2014-4579)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:lang "@pm < >" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith services/diagnostics.php" \
"id:226180,chain,msg:'COMODO WAF: XSS vulnerability in the WordPress Social Login plugin 2.0.3 and earlier for WordPress (CVE-2014-4576)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:xhrurl "@contains <" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith client-assist.php" \
"id:226200,chain,msg:'COMODO WAF: XSS vulnerability in the dsIDXpress IDX plugin before 2.1.1 and WordPress Edition plugin 1.0-beta10 and earlier for WordPress (CVE-2014-4521 / CVE-2014-4522)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,t:lowercase,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@contains <" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith bicm-carousel-preview.php" \
"id:226210,chain,msg:'COMODO WAF: XSS vulnerability in the BIC Media Widget plugin 1.0 and earlier for WordPress (CVE-2014-4516)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:param "@contains <" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith aprils-super-functions-pack/readme.php" \
"id:226550,chain,msg:'COMODO WAF: XSS vulnerability in the April Super Functions Pack plugin before 1.4.8 for WordPress (CVE-2014-100026)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith wp-photo-album-plus/wppa-ajax-front.php" \
"id:226860,chain,msg:'COMODO WAF: Multiple XSS vulnerabilities in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress (CVE-2015-3647)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:wppa-action "@streq do-comment" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:comname|ARGS_POST:comemail|ARGS_POST:comment "@rx <" \
"t:none,t:urlDecodeUni,t:htmlEntitydecode"
SecRule ARGS_GET:response "@streq fu-error" \
"id:227010,chain,msg:'COMODO WAF: XSS vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress (CVE-2014-9444)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:p "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:/errors\[fu-disallowed-mime-type]\[\w*]\[\w*]/ "@rx <" \
"t:none,t:urlDecodeUni,t:htmlEntitydecode"
SecRule &ARGS_POST:post-id "@ge 1" \
"id:227110,chain,msg:'COMODO WAF: XSS vulnerability in the Contact Form Clean and Simple plugin 4.4.0 and earlier for WordPress (CVE-2014-8955)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:cscf[name] "@rx \x22|<" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule REQUEST_FILENAME "@endsWith ajax/profile_functions.php" \
"id:227120,chain,msg:'COMODO WAF: XSS vulnerability in the WP Symposium plugin before 14.11 for WordPress (CVE-2014-8809)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq addComment" \
"chain,t:none"
SecRule ARGS_POST:uid|ARGS_POST:parent "@ge 1" \
"chain,t:none"
SecRule ARGS_POST:text "@rx <" \
"t:none,t:urlDecodeUni,t:htmlEntitydecode"
SecRule REQUEST_FILENAME "@endsWith ajax/mail_functions.php" \
"id:227121,chain,msg:'COMODO WAF: XSS vulnerability in the WP Symposium plugin before 14.11 for WordPress (CVE-2014-8809)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq sendMail" \
"chain,t:none"
SecRule ARGS_POST:compose_recipient_id "@ge 1" \
"chain,t:none"
SecRule ARGS_POST:compose_text|ARGS_POST:compose_previous "@rx <" \
"t:none,t:urlDecodeUni,t:htmlEntitydecode"
SecRule REQUEST_FILENAME "@endsWith ajax/lounge_functions.php" \
"id:227122,chain,msg:'COMODO WAF: XSS vulnerability in the WP Symposium plugin before 14.11 for WordPress (CVE-2014-8809)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq add_comment" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:comment "@rx <|\'|\x22" \
"t:none,t:urlDecodeUni,t:htmlEntitydecode"
SecRule REQUEST_FILENAME "@endsWith ajax/gallery_functions.php" \
"id:227123,chain,msg:'COMODO WAF: XSS vulnerability in the WP Symposium plugin before 14.11 for WordPress (CVE-2014-8809)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq create_album" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:name "@rx <|\'|\x22" \
"t:none,t:urlDecodeUni,t:htmlEntitydecode"
SecRule ARGS_GET:page "@contains relevanssi/relevanssi.php" \
"id:227140,chain,msg:'COMODO WAF: XSS vulnerability in the Relevanssi plugin before 3.3.8 for WordPress (CVE-2014-9443)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:addstopword "@rx <|\'|\x22" \
"chain,t:none,t:urlDecodeUni,t:htmlEntitydecode"
SecRule REQUEST_FILENAME "@endsWith options-general.php" \
"t:none,t:lowercase"
SecRule ARGS_GET:post_type "@streq tribe_events" \
"id:227160,chain,msg:'COMODO WAF: XSS vulnerability in Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress (CVE-2015-5485)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains eventbrite" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:error "@contains <" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith edit.php" \
"t:none,t:lowercase"
SecRule ARGS_GET:page "@rx admin\/(?:addressedit|addresslist|assignedcategorieslist|customfieldslist)\.php" \
"id:227170,chain,msg:'COMODO WAF: XSS vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress (CVE-2015-3300)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith admin.php" \
"chain,t:none,t:lowercase"
SecRule ARGS:address_id|ARGS:address_name|ARGS:firstname|ARGS:lastname|ARGS:street|ARGS:city|ARGS:postcode|ARGS:email|ARGS:search_by|ARGS:post_id|ARGS:rel_type|ARGS:post_type "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule &ARGS:selected_billing_id|&ARGS:selected_shipping_address "@ge 1" \
"id:227171,chain,msg:'COMODO WAF: XSS vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress (CVE-2015-3300)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:billing_firstname|ARGS:billing_lastname|ARGS:billing_company|ARGS:billing_tax_id_number|ARGS:billing_city|ARGS:billing_street|ARGS:billing_street_2|ARGS:billing_postcode|ARGS:billing_telephone_1|ARGS:billing_telephone_2|ARGS:billing_fax|ARGS:shipping_firstname|ARGS:shipping_lastname|ARGS:shipping_company|ARGS:shipping_tax_id_number|ARGS:shipping_city|ARGS:shipping_street|ARGS:shipping_street_2|ARGS:shipping_postcode|ARGS:shipping_telephone_1|ARGS:shipping_telephone_2|ARGS:shipping_fax "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule ARGS_GET:page "@pm Spider_Video_Player_Videos Spider_Video_Player Tags_Spider_Video_Player Spider_Video_Player_Playlists Spider_Video_Player_Themes" \
"id:227270,chain,msg:'COMODO WAF: XSS vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin before 1.5.2 for WordPress (CVE-2014-8584)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:search_events_by_title "@rx \x22" \
"chain,t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule REQUEST_FILENAME "@endsWith admin.php" \
"t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith js/window.php" \
"id:227280,chain,msg:'COMODO WAF: XSS vulnerability in the sourceAFRICA plugin 0.1.3 for WordPress (CVE-2015-6920)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:wpbase "@rx \x22" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule REQUEST_FILENAME "@endsWith htaccess/bpsunlock.php" \
"id:227390,chain,msg:'COMODO WAF: XSS vulnerability in the BulletProof Security plugin before .51.1 for WordPress (CVE-2014-7958)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:dbhost "@rx <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule ARGS_GET:redirect_to "@contains <" \
"id:227650,chain,msg:'COMODO WAF: XSS vulnerability in Nextend Facebook Connect plugin before 1.5.6 for WordPress (CVE-2015-4413)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith wp-login.php" \
"t:none,t:lowercase"
SecRule REQUEST_FILENAME "@contains /templates/default/index_ajax.php" \
"id:227710,chain,msg:'COMODO WAF: Multiple XSS vulnerabilities in the Rezgo Online Booking plugin before 1.8.2 for WordPress (CVE-2014-4547)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:search_for|ARGS_GET:tags "@contains '" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@contains includes/api_tenpay/inc.tenpay_notify" \
"id:227840,chain,msg:'COMODO WAF: XSS vulnerability in the Alipay plugin 3.6.0 and earlier for WordPress (CVE-2014-4514)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:$para_ret['total_fee "@rx <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule REQUEST_FILENAME "@pm iframe-googlefont-preview iframe-font-preview" \
"id:228040,chain,msg:'COMODO WAF: XSS vulnerability in the Titan Framework plugin before 1.6 for WordPress (CVE-2014-6444)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:t|ARGS_GET:text "@contains <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule REQUEST_FILENAME "@contains /phpwhois/whois.php" \
"id:228130,chain,msg:'COMODO WAF: XSS vulnerabilities in Adsense-Click-Fraud-Monitoring 1.8.6 (CVE-2015-3998)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,t:urlDecodeUni,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:query "@contains <" \
"t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith catgridpost.php" \
"id:228190,chain,msg:'COMODO WAF: XSS vulnerabilities in the WordPress plugin Catergory-grid-view-gallery v2.3.1 (CVE-2013-4117)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_COOKIES_NAMES "@contains wordpress" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:ID "@contains <" \
"t:none,t:lowercase"
SecRule REQUEST_FILENAME "@contains /views/notify.php" \
"id:228240,chain,msg:'COMODO WAF: XSS vulnerability in the Uploader Plugin 1.0.4 for WordPress (CVE-2013-2287)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,t:normalizePath,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@contains /wp-content/plugins/" \
"chain,t:none,t:urlDecodeUni,t:lowercase,t:normalizePath"
SecRule ARGS_GET:notify "@within notif unnotif" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:blog "@contains <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule REQUEST_FILENAME "@endsWith falha.php" \
"id:228250,chain,msg:'COMODO WAF: XSS vulnerability in the Bradesco Gateway plugin 2.0 for WordPress (CVE-2013-5916)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@contains /wp-content/plugins/" \
"chain,t:none,t:lowercase,t:urlDecodeUni,t:normalizePath"
SecRule REQUEST_URI "@contains <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule REQUEST_FILENAME "@endsWith raf_form.php" \
"id:228260,chain,msg:'COMODO WAF: XSS vulnerability in the Recommend to a Friend plugin 1.0.2 for WordPress (CVE-2013-7276)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:current_url "@contains <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule REQUEST_FILENAME "@endsWith /codebase/spreadsheet.php" \
"id:228300,chain,msg:'COMODO WAF: XSS vulnerability in the Spreadsheet (dhtmlxSpreadsheet) plugin 2.0 for WordPress (CVE-2013-6281)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,t:urlDecodeUni,t:normalizePath,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains <" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule REQUEST_FILENAME "@endsWith installer.cleanup.php" \
"id:228310,chain,msg:'COMODO WAF: XSS vulnerability in the Duplicator plugin before 0.4.5 for WordPress (CVE-2013-4625)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:package "@contains <" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith /assets/js/fasc-buttons/popup.php" \
"id:228750,chain,msg:'COMODO WAF: XSS vulnerability in wordpress plugin forget-about-shortcode-buttons v1.1.1 (CVE-2016-1000133)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:ver|ARGS_GET:ajaxurl "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith plugins/simpel-reserveren/edit.php" \
"id:228790,chain,msg:'COMODO WAF: XSS vulnerability in the wordpress plugin simpel-reserveren v3.5.2 (CVE-2016-1000149)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@rx \x22" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode"
SecRule ARGS_GET:itemid "@contains <" \
"id:228830,chain,msg:'COMODO WAF: XSS vulnerability in the pondol-carousel plugin v1.0 for WordPress (CVE-2016-1000145)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:htmlEntityDecode,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith pondol-carousel/pages/admin_create.php" \
"t:none,t:urlDecodeUni,t:normalizePath"
SecRule ARGS_GET:ajaxURL "@contains <" \
"id:228840,chain,msg:'COMODO WAF: XSS vulnerability in the simplified-content v1.0.0 for WordPress (CVE-2016-1000150)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:htmlEntityDecode,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith ooawpframework/js/ajax/ooaajax.js.php" \
"t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule ARGS_GET:formId "@rx \x22" \
"id:228850,chain,msg:'COMODO WAF: XSS vulnerability in the tidio-form v1.0 for WordPress (CVE-2016-1000152)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:htmlEntityDecode,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith tidio-form/popup-insert-help.php" \
"t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule ARGS_GET:media "@rx \x22" \
"id:228860,chain,msg:'COMODO WAF: XSS vulnerability in the s3-video v0.983 for WordPress (CVE-2016-1000148)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:htmlEntityDecode,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith views/video-management/preview_video.php" \
"t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule ARGS_GET:r "@rx \x22" \
"id:228870,chain,msg:'COMODO WAF: XSS vulnerability in the defa-online-image-protector v3.3 for WordPress (CVE-2016-1000129)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:htmlEntityDecode,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith defa-online-image-protector/redirect.php" \
"t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule ARGS_GET:page "@rx \x22" \
"id:228930,chain,msg:'COMODO WAF: XSS vulnerability in the recipes-writer v1.0.4 for WordPress (CVE-2016-1000147)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:htmlEntityDecode,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith admin-recipes.php" \
"t:none,t:lowercase,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith classes/extensions/managed-solr-servers/templates/template-my-accounts.php" \
"id:228970,chain,msg:'COMODO WAF: Reflected XSS in WordPress plugin wpsolr-search-engine v7.6 (CVE-2016-1000155)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page|ARGS_GET:tab "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith anti-plagiarism/js.php" \
"id:228980,chain,msg:'COMODO WAF: Reflected XSS in WordPress plugin anti-plagiarism v3.60 (CVE-2016-1000128)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:m "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule ARGS_GET:cs-all-0 "@contains '" \
"id:229380,chain,msg:'COMODO WAF: XSS vulnerability in Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress (CVE-2017-9419)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:search-class "@streq db_customsearch_widget-db_customsearch_widget" \
"t:none,t:lowercase"
SecRule &REQUEST_COOKIES_NAMES:wordpress_test_cookie "@ge 1" \
"id:229700,chain,msg:'COMODO WAF: XSS vulnerability in gift-certificate-creator v1.0 plugin for WordPress (CVE-2017-1002017)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:cc_sec_code "@ge 1" \
"chain,t:none"
SecRule ARGS_POST:user_name|ARGS_POST:receip_name|ARGS_POST:receip_address "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith class.zlinkpreview.php" \
"id:229940,chain,msg:'COMODO WAF: XSS vulnerability in Z-URL Preview plugin 1.6.1 for WordPress (CVE-2017-18012)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:url "@contains <" \
"t:none,t:lowercase"
SecRule &REQUEST_COOKIES:bookly_cal_st_ids "@ge 1" \
"id:230160,chain,msg:'COMODO WAF: XSS vulnerability in WordPress Booking Plugin Lite before 14.5 (CVE-2018-6891)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_POST:action "@streq bookly_session_save" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:full_name "@contains <" \
"t:none"
SecRule ARGS_POST:action "@streq fw_send_email" \
"id:230460,chain,msg:'COMODO WAF: XSS vulnerability in Multi Step Form plugin through 1.2.5 for WordPress (CVE-2018-14430)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith wp-admin/admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_POST:email|ARGS_POST:/^fw_data\[/ "@contains <" \
"t:none,t:urlDecodeUni"
SecRule &ARGS_POST:icl_post_action "@ge 1" \
"id:230760,chain,msg:'COMODO WAF: XSS vulnerability WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress (CVE-2018-18069)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@beginswith sitepress-multilingual-cms-" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/^locale_file_name_/ "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith getnetworksites.php" \
"id:227230,chain,msg:'COMODO WAF: XSS vulnerability in the CBI Referral Manager plugin 1.2.1 and earlier for WordPress (CVE-2014-4517)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:search "@streq filter" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:searchString "@rx \'" \
"t:none,t:urlDecodeUni"
SecRule &ARGS_POST:bft_unsubscribe "@eq 1" \
"id:232140,chain,msg:'COMODO WAF: XSS vulnerability in Arigato Autoresponder and News letter 2.5.1.8 plugin for WordPress (CVE-2018-1002009)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:bft "@streq bft_unsubscribe" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:email "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule ARGS_GET:wpas_keys "@contains '" \
"id:225220,chain,msg:'COMODO WAF: SQL injection vulnerability in WP AutoSuggest plugin 0.24 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:wpas_action "@streq query" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq autosuggest.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:action "@contains fetch_posts" \
"id:232850,chain,msg:'COMODO WAF: XSS vulnerability exists in Flow-Flow Social Stream on or before 3.0.71 for Wordpress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,t:urlDecodeUni,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:hash "@contains <" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith wp-admin/admin-ajax.php" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:action "@streq gallerybox" \
"id:232890,chain,msg:'COMODO WAF: XSS vulnerability exists in Photo gallery WD on or before 1.3.66 for Wordpress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith wp-admin/admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:watermark_link "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule ARGS_GET:type "@streq auto" \
"id:233090,chain,msg:'COMODO WAF: XSS vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress (CVE-2015-1582)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:task "@streq registration" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:appid "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule ARGS_POST:action "@streq wphostel_ajax" \
"id:233140,chain,msg:'COMODO WAF: XSS vulnerability exists in Wordpress Hostel Plugin on or before 1.1.3 (CVE-2019-12345)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,t:urlDecodeUni,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith wp-admin/admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_POST:contact_name|ARGS_POST:contact_phone "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule &ARGS_POST:cp_appbooking_id "@ge 1" \
"id:233270,chain,msg:'COMODO WAF: XSS vulnerability exists in Appointment Hour Booking Plugin v 1.1.35 or possibly below for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:cp_appbooking_pform_process "@ge 1" \
"chain,t:none"
SecRule ARGS_POST:/^fieldname\d/ "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule &ARGS_POST:wp_statistics_hit "@ge 1" \
"id:233410,chain,msg:'COMODO WAF: SQLi vulnerability in VeronaLabs wp-statistics plugin before 12.6.7 for WordPress (CVE-2019-13275)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:wp_statistics_hit[search_query]|ARGS_POST:wp_statistics_hit[page_uri] "@contains '" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith /wp-json/wpstatistics/v1/hit" \
"t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule &ARGS_POST:cp_pform_psequence "@ge 1" \
"id:233530,chain,msg:'COMODO WAF: XSS vulnerability in Appointment Hour Booking plugin 1.1.44 for WordPress (CVE-2019-13505)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:/^cp_appbooking_/ "@ge 1" \
"chain,t:none"
SecRule ARGS_POST:/^email_/ "@contains <" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith /swagger/swagger-config.yaml.php" \
"id:234230,chain,msg:'COMODO WAF: XSS vulnerability in api-bearer-auth plugin before 20190907 for WordPress (CVE-2019-16332)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule MATCHED_VAR "@contains /wp-content/plugins/" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:server "@contains <" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith /images/checklist-icon.php" \
"id:234270,chain,msg:'COMODO WAF: Unauthenticated XSS vulnerability in Checklist Plugin of v1.1.5 or before for WordPress (CVE-2019-16525)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@contains wp-content/plugins/" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:fill "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule ARGS_GET:page "@streq download-plugins-dashboard" \
"id:234380,chain,msg:'COMODO WAF: XSS vulnerability in Download Plugins and Themes from Dashboard Plugin of v1.5.0 or before for WordPress (CVE-2019-17239)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/options-general.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_POST:alg_download_plugins_dashboard_temp_dir|ARGS_POST:alg_download_plugins_dashboard_plugins_bulk_dir|ARGS_POST:alg_download_plugins_dashboard_themes_bulk_dir|ARGS_POST:alg_download_plugins_dashboard_plugins_single_zip_file_name|ARGS_POST:alg_download_plugins_dashboard_themes_single_zip_file_name "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith /includes/iframe.php" \
"id:234490,chain,msg:'COMODO WAF: XSS vulnerability in 360-product-rotation plugin before 1.4.8 for WordPress (CVE-2019-15082)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule MATCHED_VAR "@contains /wp-content/plugins/" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:product_name|ARGS_GET:ga_label|ARGS_GET:ga_category|ARGS_GET:ga_tracking_id "@rx <|\x27" \
"t:none,t:urlDecodeUni"
SecRule ARGS_GET:page "@streq wppcp-password-settings-page" \
"id:234161,chain,msg:'COMODO WAF: XSS vulnerability in wp-private-content-plus plugin before 2.0 for WordPress (CVE-2019-15816)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith wp-admin/admin.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/^wppcp_password_global/ "@rx \x22" \
"t:none,t:urlDecodeUni"
SecMarker IGNORE_SFS_SIG_WPPlugin_XSS_SQLi
SecRule ARGS "@contains .." \
"id:232330,msg:'COMODO WAF: Track same forbidden symbols to Ignore signature for WordPress Plugin||%{tx.domain}|%{tx.mode}|2',phase:2,pass,setvar:'tx.lfi=1',nolog,t:none,t:urlDecodeUni,t:htmlEntityDecode,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &TX:LFI "@eq 0" \
"id:232331,phase:2,pass,nolog,t:none,skipAfter:'IGNORE_SFS_SIG_WPPlugin_LFI',rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &TX:WordPress "@eq 0" \
"id:233000,msg:'COMODO WAF: Track unauthenticated request in WordPress plugin||%{tx.domain}|%{tx.mode}|2',phase:2,pass,nolog,t:none,skipAfter:'WPPlugin_Skip_URF_226460',rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule TX:WordPress "@eq 1" \
"id:226460,chain,msg:'COMODO WAF: Directory traversal vulnerability in the Pixabay Images plugin before 2.4 for WordPress (CVE-2015-1365)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:pixabay_upload "@ge 1" \
"chain,t:none"
SecRule ARGS_POST:q "@contains .." \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:210130,chain,msg:'COMODO WAF: Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress (CVE-2015-5482)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains gdbbpress_attachments" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:tab "@contains .." \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230060,chain,msg:'COMODO WAF: Directory Traversal vulnerability in Media from FTP plugin 9.85 for WordPress (CVE-2018-5310)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:searchdir "@contains .." \
"chain,t:none,t:urlDecodeUni"
SecRule ARGS_GET:page "@streq mediafromftp-search-register" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:230230,chain,msg:'COMODO WAF: Directory traversal vulnerability in The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress (CVE-2017-15079)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:dir "@contains .." \
"chain,t:none,t:urlDecodeUni"
SecRule ARGS_GET:action "@streq smush_get_directory_list" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@endsWith admin-ajax.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:211100,chain,msg:'COMODO WAF: Directory Traversal vulnerability in WP Background Takeover Advertisements plugin before 4.1.5 for wordpress (CVE-2018-9118)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith /exports/download.php" \
"chain,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule ARGS_GET:filename "@contains .." \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230470,chain,msg:'COMODO WAF: Directory Traversal vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress (CVE-2018-0588)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@beginsWith ultimatemember_" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:src "@contains .." \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_BASENAME "@endsWith admin-ajax.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:210110,chain,msg:'COMODO WAF: Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart plugin for WordPress before 1.3.9.3 (CVE-2015-3301)||%{tx.domain}|%{tx.mode}|2',phase:2,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq checkout_editor_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:tcp_box_path "@contains ../" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:226890,chain,msg:'COMODO WAF: Directory traversal vulnerability in the Easy2Map plugin before 1.2.5 for WordPress (CVE-2015-4616)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq easy2map" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:map_id "@contains ../" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232450,chain,msg:'COMODO WAF: Arbitrary File Download vulnerability in Ad Manager Plugin v1.0.11 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:post_type "@streq wd_ads_ads" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:path "@contains .." \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232840,chain,msg:'COMODO WAF: Directory traversal vulnerability in Health Check & Troubleshooting plugin on or before 1.2.3 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq health-check-view-file-diff" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:file "@contains .." \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232880,chain,msg:'COMODO WAF: LFI vulnerability in Contact People plugin 3.2.4 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq people-contact" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:c_avatar "@contains .." \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233160,chain,msg:'COMODO WAF: Arbitrary File Delete vulnerability in Simple File List plugin v3.2.4 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq ee-simple-file-list" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:eeDeleteFile[] "@contains .." \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233180,chain,msg:'COMODO WAF: Directory Traversal vulnerability in WordPress Download Manager Plugin 2.9.96 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_BASENAME "@streq post.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:file[icon] "@contains ../" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233750,chain,msg:'COMODO WAF: Directory Traversal vulnerability in WPS Child Themes Generator plugin 1.1 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wps-child-theme-generator" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/ectg_childtheme$/ "@contains ../" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234000,chain,msg:'COMODO WAF: LFI vulnerability exists in Shortcode Factory Plugin of v 2.8 or before for WordPress (CVE-2019-15322)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq scf_load_shortcode_ui" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:ui "@contains ../" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234500,chain,msg:'COMODO WAF: Local File Inclusion vulnerability in 10Web Photo Gallery plugin before 1.5.25 for WordPress (CVE-2019-14798)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq shortcode_bwg" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:tagtext "@contains ../" \
"t:none,t:urlDecodeUni"
SecMarker WPPlugin_Skip_URF_226460
SecRule ARGS_GET:s "@contains ../" \
"id:220650,chain,msg:'COMODO WAF: Directory traversal vulnerability in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress (CVE-2014-1907)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@rx \/ls\/rtmp_log(?:in|out)\.php$" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule REQUEST_URI "@contains includes/bookx_export.php" \
"id:221540,chain,msg:'COMODO WAF: Directory traversal vulnerability in BookX plugin 1.7 for WordPress (CVE-2014-4937 )||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,t:none,t:urlDecodeUni,t:cmdline,t:removeWhitespace,t:normalizePath,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:file "@beginsWith ../" \
"t:none,t:urlDecodeUni,t:cmdline,t:removeWhitespace,t:normalizePath"
SecRule REQUEST_URI "wp-content/plugins/tom-m8te/tom-download-file.php" \
"id:221810,chain,msg:'COMODO WAF: Directory traversal vulnerability in the Tom M8te plugin 1.5.3 for WordPress (CVE-2014-5187)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,t:none,t:urlDecodeUni,t:lowercase,t:htmlEntityDecode,t:normalizePath,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:file "@contains ../" \
"t:none,t:htmlEntityDecode,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endswith wp-content/plugins/wp-source-control/downloadfiles/download.php" \
"id:222350,chain,msg:'COMODO WAF: Directory traversal in the WP Content Source Control plugin 3.0.0 and earlier for WordPress (CVE-2014-5368)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,t:none,t:urlDecodeUni,t:lowercase,t:normalizePath,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:path "@contains ../" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalizePath"
SecRule REQUEST_FILENAME "@contains charts" \
"id:226990,chain,msg:'COMODO WAF: Multiple Directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress (CVE-2014-4940)||%{tx.domain}|%{tx.mode}|2',deny,status:403,t:none,t:lowercase,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule MATCHED_VAR "@pm treemap.php zoomabletreemap.php" \
"chain,t:none"
SecRule ARGS_GET:fn "@contains .." \
"t:none"
SecRule REQUEST_FILENAME "@endsWith download_audio.php" \
"id:227180,chain,msg:'COMODO WAF: Directory traversal vulnerability in the SE HTML5 Album Audio Player plugin 1.1.0 and earlier for WordPress (CVE-2015-4414)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:file "@contains .." \
"t:none,t:urlDecodeUni,t:normalizePath"
SecRule REQUEST_FILENAME "@endsWith wp-admin/admin-ajax.php" \
"id:228180,chain,msg:'COMODO WAF: Directory Traversal Vulnerability in the WordPress plugin Easy2map-photos v1.0.9 (CVE-2015-4617)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains .." \
"t:none"
SecRule ARGS_GET:file "@contains .." \
"id:228720,chain,msg:'COMODO WAF: Directory traversal vulnerability in XCloner plugin 3.1.1 for WordPress (CVE-2014-8606)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:task "@streq download" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:page|ARGS_GET:option "@pm xcloner_show com_xcloner-backupandrestore" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@pm /wp-admin/admin-ajax.php /administrator/index.php" \
"t:none,t:lowercase,t:normalizePath"
SecRule REQUEST_FILENAME "@endsWith wechat/image.php" \
"id:230630,chain,msg:'COMODO WAF: Local File Inclusion vulnerability in Wechat Broadcast 1.2.0 Plugin for WordPress(CVE-2018-16283)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule MATCHED_VAR "@contains wp-content/plugins" \
"chain"
SecRule ARGS_GET:url "@contains ../" \
"t:none,t:urlDecodeUni"
SecRule ARGS_GET:action "@streq revslider_show_image" \
"id:222050,chain,msg:'COMODO WAF: Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress (CVE-2014-9734)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,t:none,t:urlDecodeUni,t:lowercase,rev:8,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:img "@contains .." \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
"t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule ARGS_GET:action "@contains ../" \
"id:232730,chain,msg:'COMODO WAF: LFI and CSRF vulnerability in WebDorado Contact Form Builder plugin, 10Web Form Maker plugin before 1.13.5 for WordPress (CVE-2019-11557, CVE-2019-11590, CVE-2019-11591)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith wp-admin/admin-ajax.php" \
"t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule ARGS_POST:page "@contains ../" \
"id:232731,chain,msg:'COMODO WAF: LFI and CSRF vulnerability in 10Web Form Maker plugin before 1.13.5 for WordPress (CVE-2019-11590)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith wp-admin/admin-ajax.php" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule &ARGS_GET:eeSFL_ID "@ge 1" \
"id:233150,chain,msg:'COMODO WAF: Arbitrary File Download vulnerability in Simple File List plugin v3.2.4 or before WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:eeSFL_File "@contains .." \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_BASENAME "@streq ee-download.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecMarker IGNORE_SFS_SIG_WPPlugin_LFI
SecRule &TX:ARGS_Non_Digit "@eq 0" \
"id:232340,msg:'COMODO WAF: Track same forbidden symbols to Ignore signature for WordPress plugin||%{tx.domain}|%{tx.mode}|2',phase:2,pass,nolog,t:none,skipAfter:'IGNORE_SFS_Non_Digit_WPPlugin',rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &TX:WordPress "@eq 0" \
"id:233010,msg:'COMODO WAF: Track unauthenticated request in WordPress plugin||%{tx.domain}|%{tx.mode}|2',phase:2,pass,nolog,t:none,skipAfter:'WPPlugin_Skip_URF_220490',rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule TX:WordPress "@eq 1" \
"id:221420,chain,msg:'COMODO WAF: XSS vulnerability in the Meta Slider plugin 2.5 for WordPress (CVE-2014-4846)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq metaslider" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:221790,chain,msg:'COMODO WAF: SQL injection vulnerability in the Simple Retail Menus plugin before 4.1 for WordPress (CVE-2014-5183)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq jsrm-retail-menus" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:targetmenu "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:221800,chain,msg:'COMODO WAF: SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress (CVE-2014-5184)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq stripshow-storylines" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:story "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:221910,chain,msg:'COMODO WAF: SQL injection vulnerability in the HDW Player Plugin 2.4.2 for WordPress (CVE-2014-4939)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq enl-add-new" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:222150,chain,msg:'COMODO WAF: SQL injection vulnerability in BSK PDF Manager plugin 1.3.2 for WordPress (CVE-2014-4944)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq bsk-pdf-manager" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:view "@streq edit" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:categoryid|ARGS_GET:pdfid "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:226260,chain,msg:'COMODO WAF: Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress (CVE-2015-2199)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq wonderplugin_audio_save_item" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:item[id] "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:226261,chain,msg:'COMODO WAF: XSS and SQLi vulnerability in the WonderPlugin Audio Player plugin before 2.1 for WordPress (CVE-2015-2199, CVE-2015-2218)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@pm wonderplugin_audio_show_item wonderplugin_audio_show_items wonderplugin_audio_edit_item" \
"chain,t:none,t:urlDecodeUni"
SecRule ARGS_GET:itemid "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:226290,chain,msg:'COMODO WAF: XSS vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress (CVE-2015-1385)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@contains powerpress-editcategoryfeed" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:cat "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:226300,chain,msg:'COMODO WAF: XSS vulnerability in the Easing Slider plugin before 2.2.0.7 for WordPress (CVE-2015-1436)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@pm easingslider_manage_customizations easingslider_edit_sliders" \
"chain,t:none,t:urlDecodeUni"
SecRule ARGS_GET:edit "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:226570,chain,msg:'COMODO WAF: XSS vulnerability in the mTouch Quiz before 3.0.7 for WordPress (CVE-2014-100023)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq mtouch-quiz/question.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:quiz "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:226620,chain,msg:'COMODO WAF: XSS vulnerability in the Pods plugin before 2.5 for WordPress (CVE-2014-7956)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq pods" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:226630,chain,msg:'COMODO WAF: XSS vulnerability in the Welcart e-Commerce plugin 1.3.12 for WordPress (CVE-2014-10016)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains usces_initial" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:purchase_limit "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:226632,chain,msg:'COMODO WAF: XSS vulnerability in the Welcart e-Commerce plugin 1.3.12 for WordPress (CVE-2014-10016)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@contains shop_options_ajax" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:mode "@contains update_delivery_method" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:time|ARGS_POST:nocod|ARGS_POST:intl "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:226720,chain,msg:'COMODO WAF: XSS vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress (CVE-2014-7181)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq maxbuttons-controller" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:action "@streq button" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:226730,chain,msg:'COMODO WAF: XSS vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress (CVE-2014-7138)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_GET:gce_type "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:action "@streq gce_ajax" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:gce_feed_ids "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:226760,chain,msg:'COMODO WAF: SQL injection vulnerability in Survey and Poll plugin 1.1.7 for WordPress (CVE-2015-2090)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:action "@streq ajax_survey" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:survey_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:226820,chain,msg:'COMODO WAF: SQL injection vulnerability in the Landing Pages plugin before 1.8.5 for WordPress (CVE-2015-4064)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:ab-action "@streq delete-variation" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:post "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:226840,chain,msg:'COMODO WAF: SQLi vulnerability in the GigPress plugin before 2.3.9 for WordPress (CVE-2015-4066)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq gigpress/gigpress.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:show_artist_id|ARGS_POST:show_venue_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:226850,chain,msg:'COMODO WAF: SQL injection vulnerability in the FeedWordPress plugin before 2015.0514 for WordPress (CVE-2015-4018)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq feedwordpress/syndication.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:link_ids[] "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:226900,chain,msg:'COMODO WAF: SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress (CVE-2015-2196)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq spiderbigcalendar_month" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:cat_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:226940,chain,msg:'COMODO WAF: XSS vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress (CVE-2014-7182)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp-google-maps-menu" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:poly_id|ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:227050,chain,msg:'COMODO WAF: XSS vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress (CVE-2014-9100)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq whydowork_adsense" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:idcode "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:227440,chain,msg:'COMODO WAF: SQL injection vulnerability in the GB Gallery Slideshow plugin 1.5 for WordPress (CVE-2014-8375)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq gb_ajax_get_group" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:selected_group "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:227590,chain,msg:'COMODO WAF: SQL injection vulnerabilities in the Pie Register plugin before 2.0.19 for WordPress (CVE-2015-7682)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq pie-invitation-codes" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:select_invitaion_code_bulk_option|ARGS_POST:invi_del_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:227670,chain,msg:'COMODO WAF: SQL Injection Vulnerability in the wp-championship plugin 5.8 for WordPress (CVE-2015-5308)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp-championship/cs_admin_users.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:userid "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:227671,chain,msg:'COMODO WAF: SQL Injection Vulnerability in the wp-championship plugin 5.8 for WordPress (CVE-2015-5308)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp-championship/cs_admin_users.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:user|ARGS_POST:mailservice|ARGS_POST:mailreceipt|ARGS_POST:isadmin|ARGS_POST:stellv|ARGS_POST:champtipp|ARGS_POST:tippgroup "@rx \W" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:227900,chain,msg:'COMODO WAF: XSS vulnerability in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress (CVE-2015-2065)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq rss" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:task "@streq video" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:vid "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:227910,chain,msg:'COMODO WAF: XSS vulnerability in the WordPress plugin Shareaholic before 7.6.1.0 (CVE-2014-9311)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@contains admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:location[id] "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:228380,chain,msg:'COMODO WAF: SQL injection vulnerability in Quartz plugin 1.01.1 for WordPress(CVE-2014-5185)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains quote_form.php" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:quote "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:228680,chain,msg:'COMODO WAF: XSS vulnerabilitiy in the Pods plugin before 2.5 for WordPress (CVE-2014-7957)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq pods-components" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:toggled "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:225090,chain,msg:'COMODO WAF: SQL injection vulnerability in WordPress plugin Count per day 3.4 (CVE-2015-5533)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:collect "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq count-per-day/counter-options.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:cpd_keep_month "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229290,chain,msg:'COMODO WAF: Directory traversal vulnerability in Booking Calendar version 7.0 and earlier (CVE-2017-2150)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS:wpbc_nonce "@ge 1" \
"chain,t:none"
SecRule ARGS_POST:captcha_chalange "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229330,chain,msg:'COMODO WAF: SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress (CVE-2017-9418)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq sfstst_manage" \
"chain,t:none,t:lowercase"
SecRule ARGS:mode "@streq sfststedit" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith wp-admin/admin.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS:testid "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229340,chain,msg:'COMODO WAF: SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress (CVE-2017-9603)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpjobsjobapps" \
"chain,t:none,t:lowercase"
SecRule ARGS:post_type "@streq job" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith wp-admin/edit.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS:jobid "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229350,chain,msg:'COMODO WAF: SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress (CVE-2017-9429)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq el_admin_main" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:action "@streq edit" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith wp-admin/admin.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229470,chain,phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq easy-modal" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:/id\[\d+\]/ "@rx \D" \
"t:none"
SecRule TX:WordPress "@ge 1" \
"id:229480,chain,msg:'COMODO WAF: SQL injection vulnerability in Web-Dorado Photo Gallery by WD - Responsive Photo Gallery plugin before 1.3.51 for WordPress (CVE-2017-12977)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:action "@streq bwg_edit_tag" \
"chain,t:none"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:tag_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229560,chain,msg:'COMODO WAF: SQL injection vulnerability in the image-gallery-with-slideshow v1.5.2 for WordPress (CVE-2017-1002014)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq gallery_with_slideshow" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:gid "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229570,chain,msg:'COMODO WAF: SQL injection vulnerability in the Easy Team Manager v1.3.2 for WordPress (CVE-2017-1002023)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq easy_team_manager_desc_list" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:team_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229640,chain,msg:'COMODO WAF: SQLi vulnerability in Content Timeline plugin 4.4.2 for WordPress (CVE-2017-14507)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page|ARGS_GET:action "@pm contenttimeline ctimeline_frontend_get" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_BASENAME "@within admin.php admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:id|ARGS_GET:timeline "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229660,chain,msg:'COMODO WAF: SQL injection vulnerability in the event-espresso-free v3.1.37.12.L for WordPress (CVE-2017-14760)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq events" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:action "@streq delete_recurrence_series" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:recurrence_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229670,chain,msg:'COMODO WAF: SQL injection vulnerability in Event Expresso Free v3.1.37.11.L plugin for WordPress (CVE-2017-1002026)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq event_categories" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229680,chain,msg:'COMODO WAF: SQL injection vulnerability in Responsive Image Gallery plugin before 1.2.1 for WordPress (CVE-2017-14125)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpdevart_gallery_themes" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229690,chain,msg:'COMODO WAF: SQL injection vulnerability in WPHRM Human Resource Management System for WordPress 1.0 (CVE-2017-14848)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:hr-dashboard "@streq user" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:page "@within message user" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:tab "@within view_message view_employee" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:id|ARGS_GET:employee_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229720,chain,msg:'COMODO WAF: SQL injection vulnerability in Mojoomla WPAMS Apartment Management System for WordPress (CVE-2017-14847)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:apartment-dashboard "@streq user" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:page "@streq message" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:tab "@streq view_message" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229730,chain,msg:'COMODO WAF: SQL injection vulnerability in the Mojoomla WPCHURCH Church Management System for WordPress (CVE-2017-14845)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:church-dashboard "@streq user" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:tab "@streq view_message" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229740,chain,msg:'COMODO WAF: SQL injection vulnerability in the rk-responsive-contact-form v1.0 for WordPress (CVE-2017-1002027)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq rk_user_lists" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:info "@streq del" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin.php" \
"chain,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:did "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229750,chain,msg:'COMODO WAF: Multiple XSS vulnerabilities in WpJobBoard v4.5.1 web-application for WordPress (CVE-2017-15375)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@within wpjb-email wpjb-memberships" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:action "@streq edit" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229850,chain,msg:'COMODO WAF: XSS vulnerability in the Ultimate Addons For Visual Composer before 3.16.11 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq update_ultimate_options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_POST:ultimate_smooth_scroll_options[step] "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229900,chain,msg:'COMODO WAF: SQL injection vulnerability in surveys v1.01.8 for WordPress (CVE-2017-1002020, CVE-2017-1002021, CVE-2017-1002022)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_BASENAME "@streq edit.php" \
"chain,t:none,t:lowercase"
SecRule ARGS:survey "@rx \D" \
"chain,t:none"
SecRule ARGS_GET:page "@rx ^surveys\/(?:question(?:_form)?|(show_)?(?:individual_)?(?:responses?)|survey(?:_form)?)\.php$" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:229930,chain,msg:'COMODO WAF: SQL Injection vulnerability in Oturia Smart Google Code Inserter plugin before 3.5 for WordPress (CVE-2018-3811)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq smartcode" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/^oId\[/ "@rx \D" \
"t:none"
SecRule &TX:WordPress "@ge 1" \
"id:230100,chain,msg:'COMODO WAF: SQL Injection vulnerability in Dbox 3D Slider Lite plugin through 1.2.2 for WordPress (CVE-2018-5374)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq dboxlite-slider-admin" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_POST:current_slider_id "@rx \D" \
"t:none"
SecRule &TX:WordPress "@ge 1" \
"id:230110,chain,msg:'COMODO WAF: SQL Injection vulnerability in Testimonial Slider plugin through 1.2.4 for WordPress (CVE-2018-5372)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq testimonial-slider-admin" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_POST:current_slider_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:230210,chain,msg:'COMODO WAF: SQL Injection vulnerability in CP Contact Form with PayPal plugin 1.1.5 for WordPress (CVE-2015-9234)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq cp_contact_form_paypal" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:cp_contactformpp_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:230360,chain,msg:'COMODO WAF: SQL Injection vulnerability in Quick Chat plugin before 4.00 for WordPress (CVE-2018-12534)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_BASENAME "@endsWith admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:action "@streq quick-chat-ajax-delete" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:to_delete_ids[] "@rx \D" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230560,chain,msg:'COMODO WAF: XSS and SQLi vulnerability in Gift Vouchers plugin 2.0.1 and before for WordPress (CVE-2018-16159, CVE-2018-16609, CVE-2018-16610 and CVE-2018-16611)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq new-voucher-template" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@within admin.php edit.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:template_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:230561,chain,msg:'COMODO WAF: SQLi vulnerability in Gift Vouchers plugin through 2.0.1 for WordPress (CVE-2018-16159)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq wpgv_doajax_front_template" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:template_id "@rx \D" \
"chain,t:none"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:210880,chain,msg:'COMODO WAF: SQL injection vulnerability in Mojoomla Hospital Management System for WordPress (CVE-2017-14846)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:from "@streq inbox" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:tab "@streq view_message" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:page "@streq message" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:230980,chain,msg:'COMODO WAF: XSS vulnerability in Restrict User Access WordPress Plugin 1.0.1||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wprua-edit" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:page|ARGS_POST:duration[count] "@rx \D" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:230990,chain,msg:'COMODO WAF: XSS vulnerability in Custom Field Suite plugin 2.5.12 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:post_type "@streq cfs" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:cfs[extras][order] "@rx \D" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232050,chain,msg:'COMODO WAF: XSS vulnerability Charitable - Donation Plugin 1.6.6 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq charitable_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:charitable_settings[general][decimal_count] "@rx \D" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232240,chain,msg:'COMODO WAF: XSS vulnerability in Strong Testimonials plugin 2.3.14 and below for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:post_type "@streq wpm-testimonial" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232260,chain,msg:'COMODO WAF: XSS vulnerability in Ultimate Form Builder Lite versions 1.3.7 and below plugin for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq ufbl" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:form_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:232310,chain,msg:'COMODO WAF: XSS vulnerability in YOP POLL Plugin v6.0.2 for WordPress (CVE-2019-9914)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq yop-polls" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:poll_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:232350,chain,msg:'COMODO WAF: XSS vulnerability in Font Organizer plugin 2.1.1 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq font-setting-admin" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:manage_font_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:232360,chain,msg:'COMODO WAF: SQL vulnerability in WordPress Booking Calendar Plugin v8.4.3 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq trash_restore" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:booking_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:232370,chain,msg:'COMODO WAF: XSS vulnerability in Quiz and Survey Master Plugin v6.0.4 for WordPress (CVE-2019-9575)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq mlw_quiz_results" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:quiz_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:232440,chain,msg:'COMODO WAF: SQLi vulnerability in Forminator Contact Form, Poll Quiz Builder plugin before 1.6 for WordPress (CVE-2019-9568)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq forminator-entries" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:entry[] "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:222280,chain,msg:'COMODO WAF: XSS vulnerability in the WebEngage plugin before 2.0.1 for WordPress (CVE-2014-4574)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_BASENAME "@streq resize.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:height "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:227930,chain,msg:'COMODO WAF: Arbitrary Code Execution in the Cool Video Gallery plugin 1.9 for WordPress (CVE-2015-7527)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq cvg-gallery-settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:cvg_preview_width|ARGS_POST:cvg_preview_height "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:221220,chain,msg:'COMODO WAF: SQL injection vulnerability in the Booking System (Booking Calendar) plugin before 1.3 for WordPress (CVE-2014-3210)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:booking_form_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:221940,chain,msg:'COMODO WAF: SQL injection vulnerability in the HDW Player Plugin 2.4.2 for WordPress (CVE-2014-5180)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_GET:opt "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq videos" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:227320,chain,msg:'COMODO WAF: SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress (CVE-2014-6242)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq aiowpsec" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:orderby|ARGS_GET:order "!@rx ^\w+$" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:227420,chain,msg:'COMODO WAF: SQL injection vulnerability in the BulletProof Security plugin before .51.1 for WordPress (CVE-2014-7959)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith htaccess/bpsunlock.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:tableprefix "!@rx ^\w+$" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:227520,chain,msg:'COMODO WAF: SQL injection vulnerability in the Users Ultra plugin before 1.5.16 for WordPress (CVE-2015-4109)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq rating_vote" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:data_target "!@rx ^\w+$" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:227580,chain,msg:'COMODO WAF: Absolute path traversal vulnerability in the Font plugin before 7.5.1 for WordPress (CVE-2015-7683)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_BASENAME "@streq ajaxproxy.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:action "@streq cross_domain_request" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:url "@beginsWith /" \
"t:none,t:urlDecodeUni,t:removeWhitespace"
SecRule TX:WordPress "@eq 1" \
"id:227620,chain,msg:'COMODO WAF: SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress (CVE-2015-0894)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@pm aiowpsec aiowpsec_userlogin aiowpsec_firewall aiowpsec_spam" \
"chain,t:none,t:urlDecodeUni"
SecRule ARGS_GET:orderby "@rx \W" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:227960,chain,msg:'COMODO WAF: SQL injection vulnerabilities in the Collne Welcart plugin before 1.5.3 for WordPress (CVE-2015-7791)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq usces_memberlist" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:switch "!@rx ^[\w-]+$" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:227961,chain,msg:'COMODO WAF: SQL injection vulnerabilities in the Collne Welcart plugin before 1.5.3 for WordPress (CVE-2015-7791)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq usces_memberlist" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:search[column] "!@rx ^[\w-]+$" \
"t:none"
SecRule &TX:WordPress "@eq 1" \
"id:229270,chain,msg:'COMODO WAF: SQL injection in Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress (CVE-2017-7719)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq spidercalendar" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:order_by "@rx \W" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:229460,chain,msg:'COMODO WAF: SQL injection vulnerability in the Podlove Podcast Publisher plugin 2.5.3 for WordPress (CVE-2017-12949)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq podlove_contributor_settings" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:orderby "@rx \W" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:230340,chain,msg:'COMODO WAF: SQLi vulnerability in The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress (CVE-2018-12636)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq itsec-logs" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:orderby "@rx \W" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:230500,chain,msg:'COMODO WAF: SQLi vulnerability in WP Support Plus Responsive Ticket System plugin 9.0.2 and earlier for WordPress (CVE-2018-1000131)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq wpsp_get_tickets" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:filter[order_by] "!@rx ^[\w\.]+$" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232190,chain,msg:'COMODO WAF: SQL injection vulnerability in WP Google Map Plugin 4.0.4 and below for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpgmp_manage_location" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:orderby|ARGS_GET:order "@rx \W" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232490,chain,msg:'COMODO WAF: XSS vulnerability in social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 plugin for WordPress (CVE-2019-9911)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq nxssnap-reposter" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:item "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:232510,chain,msg:'COMODO WAF: XSS vulnerability in King Composer Plugin v2.x for WordPress (CVE-2019-9910)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq kc-mapper" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:232530,chain,msg:'COMODO WAF: XSS vulnerability in Acurax-social-media-widget plugin before 3.2.6 for WordPress (CVE-2018-6357)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq acx_asmw_saveorder" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:recordsArray[] "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:232750,chain,msg:'COMODO WAF: XSS vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress (CVE-2014-2333)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq lazyest-gallery" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:lazyest-gallery[thumbwidth]|ARGS_POST:lazyest-gallery[thumbheight]|ARGS_POST:lazyest-gallery[thumbs_page]|ARGS_POST:lazyest-gallery[folders_page]|ARGS_POST:lazyest-gallery[folders_columns]|ARGS_POST:lazyest-gallery[pictwidth]|ARGS_POST:lazyest-gallery[pictheight]|ARGS_POST:lazyest-gallery[thumbs_columns] "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:232810,chain,msg:'COMODO WAF: XSS vulnerability in Donation Plugin and Fundraising Platform (give) plugin for WordPress (CVE-2019-9909)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq give-tools" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:csv "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:232820,chain,msg:'COMODO WAF: XSS vulnerability in Duplicate Page plugin 3.3 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq dt_duplicate_post_as_draft" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:post "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:233300,chain,msg:'COMODO WAF: XSS exists in Watu Quiz Plugin of v3.1.2.5 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq watu_question" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:quiz "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:233600,chain,msg:'COMODO WAF: SQLi Vulnerability in WPEverest Everest Forms plugin through 1.4.9 for WordPress (CVE-2019-13575)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq evf-entries" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:orderby "@rx \W" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:233620,chain,msg:'COMODO WAF: SQLi Vulnerability in 10Web Photo Gallery plugin before 1.5.31 for WordPress (CVE-2019-14313)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@within albums_bwg galleries_bwg" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:orderby|ARGS:order "@rx \W" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233640,chain,msg:'COMODO WAF: SQLi Vulnerability in Adenion Blog2Social plugin through 5.5.0 for WordPress (CVE-2019-13572)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq b2s_sort_data" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/^b2sSort/|ARGS_POST:b2sSchedDate|ARGS_POST:b2sUserLang "@rx \W" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233870,chain,msg:'COMODO WAF: SQL injection exists in Joomsport - for Sports: Team and League, Football, Hockey and more Plugin of v 3.3 or before for WordPress (CVE-2019-14348)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq playerlist" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:sid "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:233900,chain,msg:'COMODO WAF: SQL injection vulnerability in Restaurant Reservations 1.5 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq nd-restaurant-reservations-settings-orders" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:edit_order_id|ARGS_POST:nd_rst_order_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:233910,chain,msg:'COMODO WAF: SQL injection vulnerability in WP Booking System plugin v1.5.1.1 for WordPress(CVE-2019-12239)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp-booking-system" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:id|ARGS:calendarID|ARGS:wpbs_booking_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:233920,chain,msg:'COMODO WAF: SQL injection vulnerability in Booking 2.5 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq nd-booking-settings-orders" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:edit_order_id|ARGS_POST:nd_booking_order_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:234090,chain,msg:'COMODO WAF: SQL vulnerability exists in AjdG AdRotate Plugin of v 5.2 or before for WordPress (CVE-2019-13570)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq adrotate-ads" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:ad "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:234120,chain,msg:'COMODO WAF: XSS vulnerability exists in Gallery PhotoBlocks Plugin of v 1.1.33 or before for WordPress (CVE-2019-15829)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq photoblocks-edit" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:234240,chain,msg:'COMODO WAF: SQLi vulnerability exists in Quiz Tool Lite Plugin of v 2.3.13 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq ai-quiz-question-list" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:potID "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:234250,chain,msg:'COMODO WAF: SQLi vulnerability exists in Quiz Tool Lite Plugin of v 2.3.13 or before for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@within ai-quiz-results ai-quiz-boundaries ai-quiz-quiz-edit" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:quizID "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:234340,chain,msg:'COMODO WAF: SQLi vulnerability in NextGEN Gallery plugin before 3.2.10 for WordPress (CVE-2019-14314)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_GET:photocrati_ajax "@ge 1" \
"chain,t:none"
SecRule ARGS_POST:action "@streq get_displayed_gallery_entities" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:displayed_gallery[order_by] "@rx \W" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:234350,chain,msg:'COMODO WAF: SQLi vulnerability in new-contact-form-widget plugin before 1.0.9 for WordPress (CVE-2019-17072)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq cfw-all-queries" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:234510,chain,msg:'COMODO WAF: XSS vulnerability in CP Contact Form with PayPal plugin before 1.2.99 for WordPress (CVE-2019-14785)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq cp_contact_form_paypal.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:cp_contactformpp_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:234540,chain,msg:'COMODO WAF: SQLi vulnerability in 10Web Photo Gallery Plugin of v 1.5.35 or before for WordPress (CVE-2019-16119)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq albumsgalleries_bwg" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:album_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:234570,chain,msg:'COMODO WAF: SQLi vulnerability in GiveWP Give plugin through 2.5.0 for WordPress (CVE-2019-13578)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:post_type "@streq give_forms" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:orderby|ARGS_GET:order "@rx \W" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:234620,chain,msg:'COMODO WAF: SQLi vulnerability in Deepwoods Software WebLibrarian 3.5.2 and earlier for WordPress (CVE-2019-1010034)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq weblib-circulation-desk" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:orderby|ARGS_GET:order "@rx \W" \
"t:none,t:urlDecodeUni"
SecMarker WPPlugin_Skip_URF_220490
SecRule REQUEST_FILENAME "@endsWith /wp-content/plugins/feedweb/widget_remove.php" \
"id:220260,chain,msg:'COMODO WAF: Gain privileges vulnerability in EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 (CVE-2013-3720)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,t:lowercase,t:urlDecodeUni,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:wp_post_id "@rx \D" \
"t:none"
SecRule REQUEST_FILENAME "@endsWith /wp-content/plugins/spiffy/playlist.php" \
"id:220330,chain,msg:'COMODO WAF: SQL injection vulnerability in the Spiffy XSPF Player plugin 0.1 for WordPress (CVE-2013-3530)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:lowercase,t:normalizePath,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:playlist_id "@rx \D" \
"t:none"
SecRule REQUEST_FILENAME "@contains js/ta_loaded.js.php" \
"id:220370,chain,msg:'COMODO WAF: XSS vulnerability in the Traffic Analyzer plugin 3.3.2 and earlier for WordPress (CVE-2013-3526)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,t:none,t:lowercase,t:urlDecodeUni,t:normalizePath,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:aoid "@rx \D" \
"t:none"
SecRule REQUEST_FILENAME "@endsWith /wp-content/plugins/formcraft/form.php" \
"id:220390,chain,msg:'COMODO WAF: SQL injection vulnerability in the FormCraft plugin 1.3.7 and earlier for WordPress (CVE-2013-7187)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,t:normalizePath,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule ARGS:playid "@rx \D" \
"id:220670,chain,msg:'COMODO WAF: SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, 1.6, and earlier for WordPress (CVE-2013-3478)||%{tx.domain}|%{tx.mode}|2',deny,status:403,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_URI "index\.php" \
"chain"
SecRule ARGS_NAMES "page_i"
SecRule REQUEST_FILENAME "@contains contactme" \
"id:221250,chain,msg:'COMODO WAF: XSS vulnerability in the Contact Form by ContactMe.com plugin 2.3 and earlier for WordPress (CVE-2014-4518)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule MATCHED_VAR "@endswith wp-content/plugins/contactme/xd_resize.php" \
"chain,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule ARGS_GET:height|ARGS_GET:width "@rx \D" \
"t:none"
SecRule REQUEST_FILENAME "@endsWith wu-ratepost.php" \
"id:222180,chain,msg:'COMODO WAF: XSS vulnerability in the Wu-Rating plugin 1.0 12319 and earlier for WordPress (CVE-2014-4601)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:v "@rx \D"
SecRule REQUEST_FILENAME "@endsWith picasa_upload.php" \
"id:222200,chain,msg:'COMODO WAF: XSS vulnerability in the WP-Picasa-Image plugin 1.0 and earlier for WordPress (CVE-2014-4591)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:post_id "@rx \D"
SecRule REQUEST_FILENAME "@contains mobiloud-mobile-app-plugin/post/post.php" \
"id:222340,chain,msg:'COMODO WAF: XSS vulnerability in the Mobiloud plugin before 2.3.8 for WordPress (CVE-2014-5344)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:post_id "@rx \D"
SecRule ARGS_GET:cid "@ge 1" \
"id:226880,chain,msg:'COMODO WAF: SQL injection vulnerability in WP Symposium plugin before 15.4 for WordPress (CVE-2015-3325)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:show "@rx \D" \
"chain,t:none"
SecRule ARGS_GET:page_id "@ge 1" \
"t:none"
SecRule REQUEST_FILENAME "@endsWith simple-ads-manager/sam-ajax.php" \
"id:226930,chain,msg:'COMODO WAF: Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress (CVE-2015-2824)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq sam_hits" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:/hits\[\d+]\[\d*]/ "@rx \D" \
"t:none"
SecRule REQUEST_FILENAME "@endsWith simple-ads-manager/sam-ajax-admin.php" \
"id:226931,chain,msg:'COMODO WAF: SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress (CVE-2015-2824)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq load_users" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:subscriber|ARGS_POST:contributor|ARGS_POST:author|ARGS_POST:editor|ARGS_POST:admin "!@rx ^[a-z]+$" \
"t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith simple-ads-manager/sam-ajax-admin.php" \
"id:226932,chain,msg:'COMODO WAF: SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress (CVE-2015-2824)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq load_users" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:sadmin "!@streq Super Admin" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith simple-ads-manager/sam-ajax-admin.php" \
"id:226933,chain,msg:'COMODO WAF: SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress (CVE-2015-2824)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq load_posts" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:cstr "@rx \D" \
"t:none"
SecRule REQUEST_FILENAME "@endsWith simple-ads-manager/sam-ajax-admin.php" \
"id:226934,chain,msg:'COMODO WAF: SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress (CVE-2015-2824)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq load_combo_data" \
"chain"
SecRule ARGS_GET:searchTerm "!@rx ^\w+$" \
"t:none"
SecRule REQUEST_FILENAME "@endsWith wp-powerplaygallery/upload.php" \
"id:226950,chain,msg:'COMODO WAF: SQL injection vulnerabilities in the the Powerplay Gallery plugin 3.3 for WordPress (CVE-2015-5599)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:albumid "@rx \D" \
"t:none"
SecRule REQUEST_FILENAME "@endsWith wp-symposium/get_album_item.php" \
"id:226960,chain,msg:'COMODO WAF: SQL injection vulnerabilities in the WP Symposium plugin before 15.8 for WordPress (CVE-2015-6522)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:size "@rx \D" \
"t:none"
SecRule REQUEST_FILENAME "@endsWith sp-client-document-manager/ajax.php" \
"id:227020,chain,msg:'COMODO WAF: SQL injection vulnerabilities in SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress (CVE-2014-9178)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:function "@pm download-project download-archive remove-category email-vendor" \
"chain,t:none"
SecRule ARGS_POST:vendor_email[]|ARGS_GET:id "@rx \D" \
"t:none"
SecRule REQUEST_FILENAME "@endsWith google-document-embedder/view.php" \
"id:227040,chain,msg:'COMODO WAF: SQL injection vulnerability in the Google Doc Embedder plugin before 2.5.15 for WordPress (CVE-2014-9173)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:embedded "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:gpid "@rx \D" \
"t:none"
SecRule ARGS_GET:dex_reservations_calendar_load2 "@eq 1" \
"id:227610,chain,msg:'COMODO WAF: SQL Injection vulnerabilities in the plugin CP Reservation Calendar plugin before 1.1.7 for WordPress (CVE-2015-7235)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:id "!@streq Rcalender1" \
"t:none,t:urlDecodeUni"
SecRule ARGS_GET:cpmvc_do_action "@streq mvparse" \
"id:227780,chain,msg:'COMODO WAF: SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress (CVE-2014-8586)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:calid "@rx \D" \
"t:none"
SecRule REQUEST_FILENAME "@endsWith ss_handler.php" \
"id:228350,chain,msg:'COMODO WAF: SQL injection in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress (CVE-2014-8363)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:ss_id "@rx \D" \
"t:none"
SecRule ARGS_GET:msg "@streq imported" \
"id:243410,chain,msg:'COMODO WAF: XSS vulnerability in WordPress plugin enhanced-tooltipglossary v3.2.8 (CVE-2016-1000132)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith backend/views/admin_importexport.php" \
"chain,t:none,t:urlDecodeUni,t:normalizePath"
SecRule ARGS_GET:itemsnumber "@rx \D" \
"t:none"
SecRule ARGS:action "@streq ufbl_front_form_action" \
"id:229870,chain,msg:'COMODO WAF: SQL injection in ultimate-form-builder-lite plugin before 1.3.7 for WordPress (CVE-2017-15919)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:_wpnonce "@ge 1" \
"chain,t:none"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"chain,t:none,t:urlDecodeUni"
SecRule ARGS_POST:/^form_data\[\d+\]\[name\]$/ "@streq form_id" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/^form_data\[\d+\]\[value\]$/ "@rx \D" \
"t:none"
SecRule REQUEST_FILENAME "@endsWith proxy.php" \
"id:221930,chain,msg:'COMODO WAF: Absolute path traversal vulnerability in Cross-RSS plugin 1.7 for WordPress (CVE-2014-4941)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,t:none,t:urlDecodeUni,t:lowercase,t:removeWhitespace,t:htmlEntityDecode,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:rss "@beginsWith /" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
SecRule REQUEST_FILENAME "@contains contact/edit.php" \
"id:222230,chain,msg:'COMODO WAF: XSS vulnerability in the WP Ultimate Email Marketer plugin 1.1.0 and earlier for WordPress (CVE-2014-4600)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:removeWhitespace,t:lowercase,t:htmlEntityDecode,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:contact|ARGS_GET:listname "@rx \W" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"
SecRule REQUEST_FILENAME "@contains mysqldump_download" \
"id:228000,chain,msg:'COMODO WAF: Absolute path traversal vulnerability in the WordPress Rename plugin 1.0 for WordPress (CVE-2015-4703)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:dumpfname "@beginsWith /" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@contains include/user/download" \
"id:228030,chain,msg:'COMODO WAF: Absolute path traversal vulnerability in the Swim Team plugin 1.44.10777 for WordPress (CVE-2015-5471)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:file "@beginsWith /" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith /includes/download.php" \
"id:228140,chain,msg:'COMODO WAF: Remote file download vulnerability in WordPress plugin wp-ecommerce-shop-styling before v2.5 (CVE-2015-5468)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:filename "@contains /" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:filename "!@endsWith .pdf" \
"t:none,t:lowercase,t:urlDecodeUni"
SecRule ARGS_GET:filepath "@beginsWith /" \
"id:228950,chain,msg:'COMODO WAF: Remote file download vulnerability in the simple-image-manipulator v1.0 for WordPress (CVE-2015-1000010)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith simple-image-manipulator/controller/download.php" \
"t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule ARGS_GET:file_link "@beginsWith /" \
"id:228990,chain,msg:'COMODO WAF: Remote file download vulnerability in recent-backups v0.7 plugin for WordPress (CVE-2015-1000006)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith recent-backups/download-file.php" \
"t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule REQUEST_BASENAME "@streq popup-insert-help.php" \
"id:229010,chain,msg:'COMODO WAF: Reflected XSS in WordPress plugin tidio-gallery v1.1 (CVE-2016-1000153)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:galleryId "@rx \W" \
"t:none"
SecRule ARGS_GET:url "@beginsWith /" \
"id:229060,chain,msg:'COMODO WAF: Remote file download vulnerability in wptf-image-gallery v1.03 for WordPress (CVE-2016-1000007)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith lib-mbox/ajax_load.php" \
"t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule REQUEST_BASENAME "@endsWith wp-admin/admin.php" \
"id:230330,chain,msg:'COMODO WAF: SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress (CVE-2018-10969)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq pie-invitation-codes" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &ARGS_GET:orderby "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:order "@rx \W" \
"t:none,t:urlDecodeUni"
SecRule ARGS_GET:page "@streq disqus" \
"id:232580,chain,msg:'COMODO WAF: XSS vulnerability in Disqus Comment System plugin before 2.76 for WordPress (CVE-2014-5347)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:disqus_public_key|ARGS_POST:disqus_secret_key "@rx \W" \
"chain,t:none"
SecRule REQUEST_FILENAME "@endsWith wp-admin/edit-comments.php" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"id:233100,chain,msg:'COMODO WAF: SQL Injection vulnerabilities in the plugin CP Reservation Calendar plugin before 1.1.7 for WordPress (CVE-2015-7235)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:dex_item "@rx \D" \
"t:none"
SecRule ARGS_GET:type "@streq get_result" \
"id:233860,chain,msg:'COMODO WAF: SQL Injection exists in Viral Quiz Maker - OnionBuzz plugin of v 1.2.1 or before for WordPress (CVE-2019-14231)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq ob_get_results" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:points "@rx \D" \
"t:none"
SecRule ARGS_POST:action "@within refresh_scheme add_to_cart" \
"id:234030,chain,msg:'COMODO WAF: XSS vulnerability exists in Book a Place Plugin v 0.7.1 or possibly below for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:event_id "@rx \D" \
"chain,t:none"
SecRule REQUEST_FILENAME "@endsWith wp-admin/admin-ajax.php" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule &ARGS_POST:quiz_type "@eq 1" \
"id:234580,chain,msg:'COMODO WAF: SQLi vulnerability in Viral Quiz Maker - OnionBuzz plugin before 1.2.7 for WordPress (CVE-2019-14230)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq ob_get_results" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:points "@rx \D" \
"t:none"
SecRule ARGS_POST:action "@streq ob_question_votes" \
"id:234581,chain,msg:'COMODO WAF: SQLi vulnerability in Viral Quiz Maker - OnionBuzz plugin before 1.2.7 for WordPress (CVE-2019-14230)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:type "@streq set_count" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:id "@rx \D" \
"t:none"
SecMarker IGNORE_SFS_Non_Digit_WPPlugin
SecRule &TX:WordPress "@eq 0" \
"id:233020,msg:'COMODO WAF: Track unauthenticated request in WordPress plugin||%{tx.domain}|%{tx.mode}|2',phase:2,pass,nolog,t:none,skipAfter:'WPPlugin_Skip_URF_227561',rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:wp_session "@ge 1" \
"id:230150,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq acurax-social-widget-settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"setvar:'SESSION.wp_acx_asmw=1',expirevar:'SESSION.wp_acx_asmw=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230151,chain,msg:'COMODO WAF: CSRF vulnerability in Acurax-social-media-widget plugin before 3.2.6 for WordPress (CVE-2018-6357)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq acx_asmw_saveorder" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_acx_asmw "!@eq 1" \
"chain,t:none"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:220210,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains sharethis.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.sharethis=1',expirevar:'SESSION.sharethis=300',t:none,t:lowercase"
SecRule SESSION:sharethis "@eq 1" \
"id:220211,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:wp_session "@ge 1" \
"id:220212,chain,msg:'COMODO WAF: CSRF vulnerability in the ShareThis plugin before 7.0.6 for WordPress (CVE-2013-3479)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:st_widget "@ge 1" \
"chain,t:none"
SecRule REQUEST_FILENAME "@contains index.php" \
"t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:220290,chain,phase:2,pass,nolog,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq cart66-products" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.cart66=1',expirevar:'SESSION.cart66=300',t:none,t:lowercase"
SecRule SESSION:cart66 "@eq 1" \
"id:220291,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:wp_session "@ge 1" \
"id:220292,chain,msg:'COMODO WAF: CSRF vulnerability in the Cart66 Lite plugin before 1.5.1.15 for WordPress (CVE-2013-5977)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:cart66-action "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq cart66-products" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:220320,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq bw-videos" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wrench=1',expirevar:'SESSION.wrench=300',t:none,t:lowercase"
SecRule SESSION:wrench "@eq 1" \
"id:220321,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:wp_session "@ge 1" \
"id:220322,chain,msg:'COMODO WAF: CSRF vulnerability in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress (CVE-2013-6797)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq bw-videos" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:action "@streq save" \
"t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:221000,chain,msg:'COMODO WAF: XSS and open redirect vulnerabilities in the WP Symposium plugin 13.04 and earlier for WordPress (CVE-2013-2695, CVE-2013-2694)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS:u "@gt 0" \
"chain,t:none"
SecRule REQUEST_FILENAME "@endsWith invite.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule MATCHED_VAR "@contains /plugins/" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:221130,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq xcloner_show" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq GET" \
"setvar:'SESSION.wp_xcloner=1',expirevar:'SESSION.wp_xcloner=300'"
SecRule SESSION:wp_xcloner "@eq 1" \
"id:221131,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:wp_session "@ge 1" \
"id:221132,chain,msg:'COMODO WAF: CSRF vulnerability in the XCloner plugin before 3.1.1 for WordPress (CVE-2014-2340)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq xcloner_show" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:task "@streq generate" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:option "@streq com_cloner" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:221140,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_BASENAME "@streq post.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.tiny=1',expirevar:'SESSION.tiny=300',t:none,t:lowercase"
SecRule SESSION:tiny "@eq 1" \
"id:221141,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:wp_session "@ge 1" \
"id:221142,chain,msg:'COMODO WAF: CSRF vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress (CVE-2014-3845)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:value[] "@ge 1" \
"chain,t:none"
SecRule ARGS_POST:option "@streq tinymce_cp__colors" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:action "@streq tinymce_cp__update_option" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:221150,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq mail-on-update" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq GET" \
"setvar:'SESSION.mail=1',expirevar:'SESSION.mail=300'"
SecRule SESSION:mail "@eq 1" \
"id:221151,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:wp_session "@ge 1" \
"id:221152,chain,msg:'COMODO WAF: CSRF vulnerability in the Login With Ajax plugin before 3.1 for WordPress (CVE-2013-2107)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:mailonupdate_mailto "@eq 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq mail-on-update" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:221160,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wordpress-simple-paypal-shopping-cart/wp_shopping_cart.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_paypal=1',expirevar:'SESSION.wp_paypal=300',t:none,t:lowercase"
SecRule SESSION:wp_paypal "@eq 1" \
"id:221161,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:wp_session "@ge 1" \
"id:221162,chain,msg:'COMODO WAF: CSRF vulnerability in the WordPress Simple Paypal Shopping Cart plugin before 3.6 for WordPress (CVE-2013-2705)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:info_update "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq wordpress-simple-paypal-shopping-cart/wp_shopping_cart.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:221170,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp125_addedit" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_add=1',expirevar:'SESSION.wp_add=300',t:none,t:lowercase"
SecRule SESSION:wp_add "@eq 1" \
"id:221171,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:wp_session "@ge 1" \
"id:221172,chain,msg:'COMODO WAF: CSRF vulnerability in the WP125 plugin before 1.5.0 for WordPress (CVE-2013-2700)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:adname "@eq 1" \
"chain"
SecRule &ARGS_POST:adtarget "@eq 1" \
"chain"
SecRule &ARGS_POST:adimage "@eq 1" \
"chain"
SecRule ARGS_GET:page "@streq wp125_addedit" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:221210,chain,phase:2,pass,nolog,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq extend_search" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wpse=1',expirevar:'SESSION.wpse=300',t:none,t:lowercase"
SecRule SESSION:wpse "@eq 1" \
"id:221211,phase:2,pass,nolog,skip:1,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:wp_session "@ge 1" \
"id:221212,chain,msg:'COMODO WAF: CSRF vulnerability in the Search Everything plugin before 8.1.1 for WordPress (CVE-2014-3843) ||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq extend_search" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wpse "@eq 0" \
"chain,t:none"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"id:221961,chain,phase:2,pass,nolog,t:none,t:urlDecodeUni,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.backend=1',expirevar:'SESSION.backend=300',t:none,t:lowercase"
SecRule SESSION:backend "@eq 1" \
"id:221962,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_METHOD "@streq post" \
"id:221963,chain,msg:'COMODO WAF: CSRF vulnerability in the Improved user search plugin before 1.2.5 for WordPress (CVE-2014-5196)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains improved-user-search-in-backend" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:backend "!@eq 1" \
"chain"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"id:222010,chain,phase:2,pass,nolog,t:none,t:urlDecodeUni,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.ref=1',expirevar:'SESSION.ref=300',t:none,t:lowercase"
SecRule SESSION:ref "@eq 1" \
"id:222011,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_METHOD "@streq post" \
"id:222012,chain,msg:'COMODO WAF: CSRF vulnerability in the WordPress File Upload plugin before 2.4.2 for WordPress (CVE-2014-5199)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wordpress_file_upload" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:action "@streq edit_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:ref "!@eq 1" \
"chain"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith wp-admin/edit-comments.php" \
"id:222212,chain,phase:2,pass,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.backend=1',expirevar:'SESSION.backend=300',t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"id:222214,chain,msg:'COMODO WAF: CSRF vulnerability in Disqus Comment System plugin before 2.76 for WordPress (CVE-2014-5347)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains disqus" \
"chain,t:none,t:lowercase"
SecRule &SESSION:backend "!@eq 1" \
"chain,t:none"
SecRule REQUEST_FILENAME "@endsWith wp-admin/edit-comments.php" \
"t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:226380,chain,msg:'COMODO WAF: Upload URL vulnerability in Pixabay Images plugin before 2.4 for WordPress does not validate hostnames (CVE-2015-1376)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:pixabay_upload "@ge 1" \
"chain,t:none"
SecRule ARGS_POST:image_url "!@rx ^https?\:\/\/pixabay\.com\/" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@eq 1" \
"id:226390,chain,msg:'COMODO WAF: Start tracking AB Google Map Travel (AB-MAP) WordPress plugin||%{tx.domain}|%{tx.mode}|2',phase:2,pass,nolog,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq ab_map_options" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_ab_googlemaptravel=1',expirevar:'SESSION.wp_ab_googlemaptravel=300',t:none,t:lowercase"
SecRule ARGS_GET:page "@streq ab_map_options" \
"id:226391,chain,msg:'COMODO WAF: CSRF vulnerability in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress (CVE-2015-2755)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_ab_googlemaptravel "!@eq 1" \
"t:none"
SecRule REQUEST_FILENAME "@endsWith /admin.php" \
"id:226400,chain,msg:'COMODO WAF: CSRF Vulnerabilty in WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 (CVE-2015-2293)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpseo_bulk-editor" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "!@eq 1"
SecRule TX:WordPress "@eq 1" \
"id:226410,chain,msg:'COMODO WAF: SQL Vulnerabilty in WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 (CVE-2015-2292)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpseo_bulk-editor" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:orderby "!@within post_title post_type post_date" \
"t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:226411,chain,msg:'COMODO WAF: SQL Vulnerabilty in WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 (CVE-2015-2292)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpseo_bulk-editor" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:order "!@within desc asc" \
"t:none,t:lowercase"
SecRule &SESSION:wp_session "@eq 1" \
"id:226420,chain,msg:'COMODO WAF: Start tracking CrossSlide jQuery WordPress plugin||%{tx.domain}|%{tx.mode}|2',phase:2,pass,nolog,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq thisismyurl_csj.php" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /options-general.php" \
"setvar:'SESSION.wp_csj=1',expirevar:'SESSION.wp_csj=300',t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /options-general.php" \
"id:226421,chain,msg:'COMODO WAF: CSRF vulnerability in the CrossSlide jQuery plugin 2.0.5 for WordPress (CVE-2015-2089)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq thisismyurl_csj.php" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_csj "!@eq 1"
SecRule &SESSION:wp_session "@eq 1" \
"id:226430,chain,phase:2,pass,nolog,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /options-general.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:page "@streq acobot" \
"setvar:'SESSION.wp_acobot=1',expirevar:'SESSION.wp_acobot=300',t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /options-general.php" \
"id:226431,chain,msg:'COMODO WAF: CSRF vulnerability in the Acobot Live Chat & Contact Form plugin 2.0 for WordPress (CVE-2015-2039)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:page "@streq acobot" \
"chain,t:none,t:lowercase"
SecRule &ARGS:update_account "@ge 1" \
"chain"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_acobot "!@eq 1"
SecRule &SESSION:wp_session "@ge 1" \
"id:226474,chain,phase:2,pass,nolog,t:none,skip:4,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@rx admin(?:\-ajax)?\.php$" \
"chain,t:none,t:lowercase"
SecRule ARGS:page|ARGS:action "@contains wysija" \
"chain,t:none"
SecRule &ARGS:_wpnonce "@ge 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:226470,chain,phase:2,pass,nolog,skip:3,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith admin.php" \
"chain,t:none"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule ARGS:page "@contains wysija" \
"chain,t:none,t:lowercase"
SecRule ARGS:action "!@within duplicate delete" \
"setvar:'SESSION.wysija=1',expirevar:'SESSION.wysija=300',t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith admin.php" \
"id:226471,chain,msg:'COMODO WAF: CSRF vulnerability in the MailPoet Newsletters WordPress plugin before 2.6.11 (CVE-2014-3907)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule ARGS:action "@contains wysija" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wysija "!@eq 1"
SecRule REQUEST_FILENAME "@endsWith admin-ajax.php" \
"id:226472,chain,msg:'COMODO WAF: CSRF vulnerability in the MailPoet Newsletters WordPress plugin before 2.6.11 (CVE-2014-3907)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule ARGS:action "@contains wysija" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wysija "!@eq 1"
SecRule REQUEST_FILENAME "@endsWith admin.php" \
"id:226473,chain,msg:'COMODO WAF: CSRF vulnerability in the MailPoet Newsletters WordPress plugin before 2.6.11 (CVE-2014-3907)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule ARGS:page "@contains wysija" \
"chain,t:none,t:lowercase"
SecRule ARGS:action "@within duplicate delete" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wysija "!@eq 1"
SecRule &SESSION:wp_session "@eq 1" \
"id:226480,chain,phase:2,pass,nolog,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith /admin.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:page "@contains gd-star" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.gdstar=1',expirevar:'SESSION.gdstar=300',t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /admin.php" \
"id:226481,chain,msg:'COMODO WAF: Multiple CSRF vulnerabilities in the GD Star Rating plugin 19.22 for WordPress (CVE-2014-2838)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains gd-star" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:gdstar "!@eq 1"
SecRule &SESSION:wp_session "@eq 1" \
"id:226491,chain,phase:2,pass,nolog,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains cnss_social_icon" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /admin.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.easysocial=1',expirevar:'SESSION.easysocial=300',t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /admin.php" \
"id:226492,chain,msg:'COMODO WAF: CSRF vulnerability in the Easy Social Icons plugin before 1.2.3 for WordPress (CVE-2015-2084)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains cnss_social_icon" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:easysocial "!@eq 1"
SecRule &SESSION:wp_session "@ge 1" \
"id:226500,chain,msg:'COMODO WAF: CSRF vulnerability in the Contact Form DB plugin before 2.8.32 for WordPress (CVE-2015-1874)||%{tx.domain}|%{tx.mode}|2',phase:2,pass,nolog,skip:1,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith /admin.php" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:page "@contains cf7dbplugin" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_cfdb=1',expirevar:'SESSION.wp_cfdb=300',t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /admin.php" \
"id:226501,chain,msg:'COMODO WAF: CSRF vulnerability in the Contact Form DB plugin before 2.8.32 for WordPress (CVE-2015-1874)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq cf7dbpluginsubmissions" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &ARGS_POST:delete "@ge 1" \
"chain"
SecRule &SESSION:wp_cfdb "!@ge 1"
SecRule &SESSION:wp_session "@eq 1" \
"id:226531,chain,phase:2,pass,nolog,skip:1,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith /options-general.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:page "@contains mobile-domain" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.mobiledomain=1',expirevar:'SESSION.mobiledomain=300',t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /options-general.php" \
"id:226532,chain,msg:'COMODO WAF: CSRF vulnerabilitiy in the Mobile Domain plugin 1.5.2 for WordPress (CVE-2015-1581)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains mobile-domain" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:mobiledomain "!@eq 1"
SecRule &SESSION:wp_session "@ge 1" \
"id:226560,chain,phase:2,pass,nolog,skip:2,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith options-general.php" \
"chain,t:none"
SecRule ARGS_GET:page "@streq redirection-page" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.redirection_page_plugin=1',expirevar:'SESSION.redirection_page_plugin=300',t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith options-general.php" \
"id:226561,chain,msg:'COMODO WAF: CSRF vulnerability in the Redirection Page plugin 1.2 for WordPress (CVE-2015-1580)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq redirection-page" \
"chain,t:none,t:lowercase"
SecRule &ARGS:redirectionpage_action "@ge 1" \
"chain,t:none"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:redirection_page_plugin "!@eq 1"
SecRule &SESSION:wp_session "@ge 1" \
"id:226580,chain,phase:2,pass,nolog,skip:1,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith admin.php" \
"chain,t:none"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:page "@streq liveoptim" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:action "!@within modif-config mot-cle-enlever mot-cle-deplacer" \
"setvar:'SESSION.liveoptim=1',expirevar:'SESSION.liveoptim=300',t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith admin.php" \
"id:226581,chain,msg:'COMODO WAF: CSRF vulnerability in the SEO Plugin LiveOptim plugin before 1.1.4-free for WordPress (CVE-2014-100001)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq liveoptim" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"chain,t:none"
SecRule &SESSION:liveoptim "!@ge 1" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:226610,chain,msg:'COMODO WAF: Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress (CVE-2014-10017)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq usces_itemedit" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:changeSort "!@pm item_name item_code" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:226611,chain,msg:'COMODO WAF: Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress (CVE-2014-10017)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq usces_itemedit" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:switch "!@pm asc desc" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:226650,chain,phase:2,pass,nolog,t:none,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith admin.php" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:page "@contains aiowpsec_firewall" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:tab "@streq tab6" \
"chain,t:none,t:lowercase"
SecRule &ARGS_GET "@eq 2" \
"setvar:'SESSION.wpsec=1',expirevar:'SESSION.wpsec=300',t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:226651,chain,msg:'COMODO WAF: CSRF vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress (CVE-2015-0895)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,deny,status:403,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith admin.php" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:page "@contains aiowpsec" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:tab "@streq tab6" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:action|ARGS_GET:action2 "@contains delete" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wpsec "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:226670,chain,phase:2,pass,nolog,skip:3,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith edit-comments.php" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:page "@streq disqus" \
"chain,t:none,t:lowercase"
SecRule &ARGS_GET:active "@eq 0" \
"setvar:'SESSION.disqus=1',expirevar:'SESSION.disqus=300'"
SecRule &SESSION:wp_session "@ge 1" \
"id:226671,chain,phase:2,pass,nolog,skip:2,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith edit-comments.php" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:page "@streq disqus" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"setvar:'SESSION.disqus=1',expirevar:'SESSION.disqus=20',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:226672,chain,msg:'COMODO WAF: Multiple CSRF vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress (CVE-2014-5346)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith edit-comments.php" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:page "@streq disqus" \
"chain,t:none,t:lowercase"
SecRule &ARGS_GET:active "@ge 1" \
"chain"
SecRule &SESSION:disqus "@eq 0"
SecRule &SESSION:wp_session "@ge 1" \
"id:226673,chain,msg:'COMODO WAF: Multiple CSRF vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress (CVE-2014-5346)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@rx (?:\/|index\.php)$" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule &ARGS_GET:cf_action "@ge 1" \
"chain"
SecRule ARGS_GET:cf_action "@within import_comments export_comments" \
"chain,t:none,t:lowercase"
SecRule &SESSION:disqus "@eq 0"
SecRule &SESSION:wp_session "@ge 1" \
"id:226690,chain,phase:2,pass,nolog,skip:2,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith admin.php" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:page "@contains pie-import-export" \
"chain,t:none,t:lowercase"
SecRule &ARGS_GET "@eq 1" \
"setvar:'SESSION.pie=1',expirevar:'SESSION.pie=300'"
SecRule &SESSION:wp_session "@ge 1" \
"id:226691,chain,msg:'COMODO WAF: RCE vulnerability in the Pie Register plugin before 2.0.14 for WordPress (CVE-2014-8802)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith admin.php" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:page "@contains pie-import-export" \
"chain,t:none,t:lowercase"
SecRule FILES_NAMES "@contains csvfile" \
"chain,t:none,t:lowercase"
SecRule &SESSION:pie "!@eq 1"
SecRule &SESSION:wp_session "@ge 1" \
"id:226692,chain,msg:'COMODO WAF: RCE ulnerability in the Pie Register plugin before 2.0.14 for WordPress (CVE-2014-8802)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith profile.php" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:verifyit "@eq 1" \
"chain,t:none"
SecRule &ARGS_POST_NAMES:vusers[] "@ge 1" \
"chain"
SecRule &SESSION:pie "!@eq 1"
SecRule TX:WordPress "@eq 1" \
"id:226770,chain,msg:'COMODO WAF: SQL injection vulnerability in the NewStatPress plugin before 0.9.9 for WordPress (CVE-2015-4062)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq nsp_search" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:/where[1-3]/ "!@rx ^[a-z]+$" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:226780,chain,msg:'COMODO WAF: SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress (CVE-2015-1393)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq galleries_bwg" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:asc_or_desc "!@within asc desc" \
"t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:226800,chain,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq login_widget_afo" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith options-general.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.login_widget=1',expirevar:'SESSION.login_widget=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:226801,chain,msg:'COMODO WAF: CSRF vulnerability in the Login Widget With Shortcode plugin before 3.2.1 for WordPress (CVE-2014-6312)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:login_widget "!@eq 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq login_widget_afo" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith options-general.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:227000,chain,msg:'COMODO WAF: Unrestricted file upload vulnerability in the CformsII plugin 14.7 and earlier for WordPress (CVE-2014-9473)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:6,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_GET:page_id "@ge 1" \
"chain,t:none"
SecRule &ARGS_POST:/^sendbutton\d*$/ "@ge 1" \
"chain,t:none"
SecRule FILES "!@rx \.(?:pdf|doc|docx|txt)$" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:227060,chain,msg:'COMODO WAF: XSS vulnerability in the YouTube Embed plugin before 3.3.3 for WordPress (CVE-2015-6535)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq profile-options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:youtube_embed_name "!@rx ^[\w\-]+$" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:227150,chain,msg:'COMODO WAF: SQL injection vulnerability in the WP Symposium plugin before 14.11 for WordPress (CVE-2014-8810)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq getmailmessage" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:tray "!@streq in" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith ajax/mail_functions.php" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:227260,chain,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq conformconf" \
"chain,t:none"
SecRule REQUEST_FILENAME "@endsWith options-general.php" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.encform=1',expirevar:'SESSION.encform=300',t:none,t:lowercase"
SecRule ARGS_GET:page "@streq conformconf" \
"id:227261,chain,msg:'COMODO WAF: CSRF vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress (CVE-2015-4010)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith options-general.php" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:encform "!@ge 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:227290,chain,phase:2,pass,nolog,skip:1,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq instagram-portfolio" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith options-general.php" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule &ARGS_GET "@eq 1" \
"setvar:'SESSION.instagram-portfolio=1',expirevar:'SESSION.instagram-portfolio=300'"
SecRule &SESSION:wp_session "@ge 1" \
"id:227291,chain,msg:'COMODO WAF: CSRF vulnerability in the Portfolio plugin before 1.05 for WordPress (CVE-2015-6523)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq instagram-portfolio" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith options-general.php" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:instagram-portfolio "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:227310,chain,phase:2,pass,nolog,skip:1,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains wp_smilies" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith options-general.php" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_smilies=1',expirevar:'SESSION.wp_smilies=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:227311,chain,msg:'COMODO WAF: CSRF vulnerability in the WP Smiley plugin 1.4.1 for WordPress (CVE-2015-4140)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains wp_smilies" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith options-general.php" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_smilies "!@eq 1" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:227350,chain,msg:'COMODO WAF: Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress (CVE-2014-5460)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq slideshow-slides" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:method "@streq save" \
"chain,t:none,t:lowercase"
SecRule FILES "!@rx \.(?:jpe?g|gif|bmp|png)$" \
"t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:227561,chain,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq checkout_editor_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith admin.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_CartPress=1',expirevar:'SESSION.wp_CartPress=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:227562,chain,msg:'COMODO WAF: CSRF vulnerability in the TheCartPress eCommerce Shopping Cart plugin before 1.3.9.3 for WordPress (CVE-2015-3986)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:wp_CartPress "!@eq 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq checkout_editor_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:227531,chain,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq slug_for_fb_like_box" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith admin.php" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_fb_like=1',expirevar:'SESSION.wp_fb_like=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:227532,chain,msg:'COMODO WAF: CSRF vulnerability in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress (CVE-2014-9524)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq slug_for_fb_like_box" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith admin.php" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_fb_like "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:227551,chain,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:post_type "@streq team_member" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:page "@streq sc_team_settings" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_our_team=1',expirevar:'SESSION.wp_our_team=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:227552,chain,msg:'COMODO WAF: CSRF vulnerability in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress (CVE-2014-9523)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:post_type "@streq team_member" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:page "@streq sc_team_settings" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_our_team "!@eq 1" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:227570,chain,msg:'COMODO WAF: XSS vulnerability in the Pie Register plugin before 2.0.19 for WordPress (CVE-2015-7377)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq pie-register" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:invitaion_code "@contains <" \
"t:none,t:base64Decode"
SecRule &SESSION:wp_session "@ge 1" \
"id:210150,chain,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq simple-share-buttons-adder" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith options-general.php" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_simple-share-buttons=1',expirevar:'SESSION.wp_simple-share-buttons=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:210151,chain,msg:'COMODO WAF: CSRF vulnerability in the Simple Share Buttons Adder plugin before 4.5 for WordPress (CVE-2014-4717)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq simple-share-buttons-adder" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith options-general.php" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_simple-share-buttons "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:227630,chain,phase:2,pass,nolog,skip:1,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq bannereffectoptions" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_banner_effect=1',expirevar:'SESSION.wp_banner_effect=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:227631,chain,msg:'COMODO WAF: CSRF vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress (CVE-2015-0920)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq bannereffectoptions" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_banner_effect "!@eq 1" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:227640,chain,msg:'COMODO WAF: SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress (CVE-2015-1055)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:order_by "!@within asc desc" \
"chain,t:none,t:removeWhitespace,t:lowercase"
SecRule ARGS:action "@streq gallerybox" \
"t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:227700,chain,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp-vipergb" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_vipergb=1',expirevar:'SESSION.wp_vipergb=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:227701,chain,msg:'COMODO WAF: CSRF vulnerability in the WP-ViperGB plugin before 1.3.11 for WordPress (CVE-2014-9460)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp-vipergb" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_vipergb "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:227720,chain,phase:2,pass,nolog,skip:1,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains wp-popup" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_popup=1',expirevar:'SESSION.wp_popup=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:227721,chain,msg:'COMODO WAF: CSRF vulnerability in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress (CVE-2014-9525)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains wp-popup" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_popup "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:227730,chain,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpbs_panel" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_ss-icon=1',expirevar:'SESSION.wp_ss-icon=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:227731,chain,msg:'COMODO WAF: CSRF vulnerability in the Sliding Social Icons plugin 1.61 for WordPress (CVE-2014-9437)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpbs_panel" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:action "@streq wpbs_save_settings" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_ss-icon "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:227740,chain,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq simple-simple-sticky-footer" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_sticky-footer=1',expirevar:'SESSION.wp_sticky-footer=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:227741,chain,msg:'COMODO WAF: CSRF vulnerability in the Simple Sticky Footer plugin before 1.3.3 for WordPress (CVE-2014-9454)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq simple-simple-sticky-footer" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_sticky-footer "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:227750,chain,phase:2,pass,nolog,skip:1,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq simple-ip-ban" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_ip-ban=1',expirevar:'SESSION.wp_ip-ban=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:227751,chain,msg:'COMODO WAF: CSRF vulnerability in the IP Ban (simple-ip-ban) plugin 1.2.3 for WordPress (CVE-2014-9413)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq simple-ip-ban" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_ip-ban "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:227820,chain,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq cmdm_admin_settings" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule &ARGS_GET "@eq 1" \
"setvar:'SESSION.wp_cmdm_admin=1',expirevar:'SESSION.wp_cmdm_admin=300',t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:227821,chain,msg:'COMODO WAF: CSRF vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress (CVE-2014-9129)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq cmdm_admin_settings" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_cmdm_admin "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:227860,chain,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq redirect-updates" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule &ARGS_GET "@eq 1" \
"setvar:'SESSION.wp_quick_redirects=1',expirevar:'SESSION.wp_quick_redirects=300'"
SecRule &SESSION:wp_session "@ge 1" \
"id:227861,chain,msg:'COMODO WAF: CSRF vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress (CVE-2014-2598)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq redirect-updates" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_quick_redirects "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:227880,chain,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains simpleflickr" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule &ARGS_GET "@eq 1" \
"setvar:'SESSION.wp_simpleflickr=1',expirevar:'SESSION.wp_simpleflickr=300',t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:227881,chain,msg:'COMODO WAF: CSRF vulnerability in the SimpleFlickr plugin 3.0.3 and earlier for WordPress (CVE-2014-9396)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains simpleflickr" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_simpleflickr "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:227920,chain,phase:2,pass,nolog,skip:1,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains twitget/twitget" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule &ARGS_GET "@eq 1" \
"setvar:'SESSION.wp_twitget=1',expirevar:'SESSION.wp_twitget=300'"
SecRule &SESSION:wp_session "@ge 1" \
"id:227921,chain,msg:'COMODO WAF: CSRF vulnerability in the Twitget plugin before 3.3.3 for WordPress (CVE-2014-2559)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains twitget/twitget" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_twitget "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:227970,chain,phase:2,pass,nolog,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains spnbabble" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_spnbabble=1',expirevar:'SESSION.wp_spnbabble=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:227971,chain,msg:'COMODO WAF: CSRF vulnerability in the SPNbabble plugin 1.4.1 and earlier for WordPress (CVE-2014-9339)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@contains spnbabble" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_spnbabble "!@eq 1" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:227990,chain,msg:'COMODO WAF: Directory traversal vulnerability in zM Ajax Login and Register plugin before 1.1.0 for WordPress (CVE-2015-4153)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:action "@streq load_template" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:template "@rx ^\/|\.\." \
"t:none,t:urlDecodeUni"
SecRule &SESSION:wp_session "@ge 1" \
"id:228120,chain,phase:2,pass,nolog,t:none,skip:1,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@pm cfg_forms cfg_fields cfg_templates" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_cfg=1',expirevar:'SESSION.wp_cfg=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:228121,chain,msg:'COMODO WAF: CSRF vulnerability in the Contact Form Generator plugin 2.0.1 and earlier for WordPress (CVE-2015-6965)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@pm cfg_forms cfg_fields cfg_templates" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_cfg "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:229370,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpcsw_settings" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_wpcsw=1',expirevar:'SESSION.wp_wpcsw=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:229371,chain,msg:'COMODO WAF: CSRF vulnerability in the CopySafe Web Protection plugin before 2.6 for WordPress (CVE-2017-8100)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpcsw_settings" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_wpcsw "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:229440,chain,phase:2,pass,nolog,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq clean_login_menu" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith wp-admin/options-general.php" \
"setvar:'SESSION.wp_cleanlog=1',expirevar:'SESSION.wp_cleanlog=300',t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:229441,chain,msg:'COMODO WAF: CSRF vulnerability in Clean Login plugin before 1.8 for WordPress (CVE-2017-8875)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq clean_login_menu" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_cleanlog "!@eq 1" \
"chain,t:none"
SecRule REQUEST_FILENAME "@endsWith wp-admin/options-general.php" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:229450,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq deleteu" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:page "@streq users-list" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith wp-admin/admin.php" \
"setvar:'SESSION.wp_WHIZZ=1',expirevar:'SESSION.wp_WHIZZ=300',t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:229451,chain,msg:'COMODO WAF: CSRF vulnerability in WHIZZ plugin before 1.1.1 for WordPress (CVE-2017-8099)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_GET:deletec "@ge 1" \
"chain,t:none"
SecRule &SESSION:wp_WHIZZ "!@eq 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq users-list" \
"chain,t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith wp-admin/admin.php" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:229510,chain,msg:'COMODO WAF: Unrestricted file upload vulnerability in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress (CVE-2015-9228)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_GET:photocrati_ajax "@ge 1" \
"chain,t:none"
SecRule &ARGS_GET:nextgen_upload_image_sec "@ge 1" \
"chain,t:none"
SecRule FILES "!@rx \.(?:jpe?g|gif|png)$" \
"t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:210870,chain,phase:2,pass,nolog,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq crony" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:action "@within add edit" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@endsWith admin.php" \
"setvar:'SESSION.wp_crony=1',expirevar:'SESSION.wp_crony=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:210871,chain,msg:'COMODO WAF: CSRF vulnerability in Crony Cronjob Manager plugin before 0.4.7 for WordPress (CVE-2017-14530)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:name "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq crony" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@endsWith admin.php" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_crony "!@eq 1" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229820,chain,msg:'COMODO WAF: Unrestricted file upload vulnerability in WP Support Plus Responsive Ticket System before 8.0.7 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq wpsp_upload_attachment" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule FILES "@rx \.(?:(?:p|s|x|d)?h(?:p[2-7s]?|(?:tm)?l?)|dll|exe|js|p(?:l|y)|rb|sh|cgi|com|bat|aspx?)" \
"t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:229830,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq youtube-my-preferences" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@endsWith admin.php" \
"setvar:'SESSION.wp_youtube_embed=1',expirevar:'SESSION.wp_youtube_embed=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:229831,chain,msg:'COMODO WAF: CSRF vulnerability in YouTube plugin for WordPress (CVE-2017-1000224)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:apikey "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq youtube-my-preferences" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@endsWith admin.php" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_youtube_embed "!@eq 1" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:229950,chain,msg:'COMODO WAF: XSS and Directory Traversal vulnerability in GD Rating System plugin 2.3 for WordPress (CVE-2018-5286, CVE-2018-5287, CVE-2018-5288, CVE-2018-5289, CVE-2018-5290, CVE-2018-5291, CVE-2018-5292, CVE-2018-5293)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@beginsWith gd-rating-" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule MATCHED_VAR "@rx system\-(?:settings|about|rules|types|ratings|log|transfer|information|tools|front)$" \
"chain"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:panel "@rx (?:\x22|\.\.)" \
"t:none,t:urlDecodeUni"
SecRule &SESSION:wp_session "@ge 1" \
"id:210950,chain,phase:2,pass,nolog,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq rcsm-weblizar" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"setvar:'SESSION.wp_rcsm-weblizar=1',expirevar:'SESSION.wp_rcsm-weblizar=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:210952,chain,msg:'COMODO WAF: CSRF vulnerability in Responsive-coming-soon-page plugin 1.1.18 for WordPress (CVE-2018-5658)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq rcsm-weblizar" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_rcsm-weblizar "!@eq 1" \
"chain,t:none"
SecRule ARGS_POST_NAMES "@rx ^weblizar\_rcsm\_settings\_save\_(?:appearance|social|subscriber|counter\_clock|footer)\_option$" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:229970,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@beginsWith wpdevart-" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule MATCHED_VAR "@rx ^wpdevart-(?:forms|extras|themes)$" \
"chain"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"setvar:'SESSION.wp_wpdevart=1',expirevar:'SESSION.wp_wpdevart=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:229971,chain,msg:'COMODO WAF: CSRF vulnerability in Booking-calendar plugin 2.1.7 for WordPress (CVE-2018-5673)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@beginsWith wpdevart-" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule MATCHED_VAR "@rx ^wpdevart-(?:forms|extras|themes)$" \
"chain"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_wpdevart "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:229990,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@beginsWith read-and-understood-menu-slug-" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"setvar:'SESSION.wp_read-and-understood=1',expirevar:'SESSION.wp_read-and-understood=300',t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:229991,chain,msg:'COMODO WAF: CSRF vulnerability in Read-and-understood plugin 2.1 for WordPress (CVE-2018-5669)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@beginsWith read-and-understood-menu-slug-" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &ARGS_POST:rnu_username|&ARGS_POST:rnu_username_validation_pattern|&ARGS_POST:rnu_username_validation_title "@ge 1" \
"chain,t:none"
SecRule &SESSION:wp_read-and-understood "!@eq 1" \
"chain,t:none"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230050,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq pffree-weblizar" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"setvar:'SESSION.wp_pffree-weblizar=1',expirevar:'SESSION.wp_pffree-weblizar=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230051,chain,msg:'COMODO WAF: CSRF vulnerability in Weblizar-pinterest-feeds plugin 1.1.1 for WordPress (CVE-2018-5656)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:weblizar_pffree_settings_save_get-users "@ge 1" \
"chain,t:none"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_pffree-weblizar "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:230070,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpdf-options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"setvar:'SESSION.wp_wpdf-options=1',expirevar:'SESSION.wp_wpdf-options=300',t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230071,chain,msg:'COMODO WAF: CSRF vulnerability in ImageInject plugin 1.15 for WordPress (CVE-2018-5285)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:flickr_appid "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq wpdf-options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_wpdf-options "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:230120,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpglobus_options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"setvar:'SESSION.wp_wpglobus=1',expirevar:'SESSION.wp_wpglobus=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230121,chain,msg:'COMODO WAF: CSRF vulnerability in WPGlobus plugin 1.9.6 for WordPress (CVE-2018-5361)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq wpglobus_option_group" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_wpglobus "!@eq 1" \
"chain,t:none"
SecRule REQUEST_BASENAME "@streq options.php" \
"t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230130,chain,phase:2,pass,nolog,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq srbtranslatoptions" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"setvar:'SESSION.wp_srbtranslat=1',expirevar:'SESSION.wp_srbtranslat=300',t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230131,chain,msg:'COMODO WAF: CSRF vulnerability in SrbTransLatin plugin 1.46 for WordPress (CVE-2018-5368)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:lang_identificator "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq srbtranslatoptions" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_srbtranslat "!@eq 1" \
"chain,t:none"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230170,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq flickrrss-settingspage.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"setvar:'SESSION.wp_flickrrss=1',expirevar:'SESSION.wp_flickrrss=300',t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230171,chain,msg:'COMODO WAF: CSRF vulnerability in FlickrRSS plugin 5.3.1 for WordPress (CVE-2018-6467)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:flickrRSS_num_items "@ge 1" \
"chain,t:none"
SecRule &SESSION:wp_flickrrss "!@eq 1" \
"chain,t:none"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:230200,chain,msg:'COMODO WAF: Unrestricted file upload vulnerability in AccessPress Anonymous Post Pro 3.2.0 for WordPress (CVE-2017-1649)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:4,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:action "@streq ap_file_upload_action" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule FILES "@rx \.(?:(?:p|s|x|d)?h(?:p[2-7s]?|(?:tm)?l?)|dll|exe|js|p(?:l|y)|rb|sh|cgi|com|bat|aspx?)$" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230310,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq add_social_share_buttons" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_social_share_buttons=1',expirevar:'SESSION.wp_social_share_buttons=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230311,chain,msg:'COMODO WAF: CSRF vulnerability in Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress (CVE-2018-11632)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:add_custom_service_style "@ge 1" \
"chain,t:none"
SecRule REQUEST_BASENAME "@streq admin-post.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_social_share_buttons "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:230320,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq woo-checkout-fields" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_woo-checkout-field=1',expirevar:'SESSION.wp_woo-checkout-field=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230321,chain,msg:'COMODO WAF: CSRF vulnerability in Woo Checkout for Digital Goods plugin 2.1 for WordPress (CVE-2018-11633)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:woo_chk_checkout_field[] "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq woo-checkout-fields" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_woo-checkout-field "!@eq 1" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:230400,chain,msg:'COMODO WAF: Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress (CVE-2018-0587)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_URI "@contains um-api/route/um!core!files/ajax_image_upload" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule FILES "!@rx \.(?:jpe?g|gif|bmp|png|webp)$" \
"t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:230410,chain,msg:'COMODO WAF: Unrestricted file upload vulnerability in WP Live Chat Support Pro plugin before 8.0.07 for WordPress (CVE-2018-12426)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:chat_id "@ge 1" \
"chain,t:none"
SecRule REQUEST_URI "@contains wp-json/wp_live_chat_support" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule MATCHED_VAR "@rx \/v\d+?\/remote_upload" \
"chain"
SecRule FILES "@rx \.(?:php[\d]?|js|pl|rb|sh|(?:p|s|x|d)?html?|asp|exe|com|htaccess)$" \
"t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230520,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp-ulike-post-logs" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_ulike=1',expirevar:'SESSION.wp_ulike=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230521,chain,msg:'COMODO WAF: CSRF vulnerability in ULike plugin version 2.8.1, 3.1 for WordPress (CVE-2018-1000511)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq ulikelogs" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_ulike "!@eq 1" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:230522,chain,msg:'COMODO WAF: Content injection vulnerability in ULike plugin version 2.8.1, 3.1 for WordPress (CVE-2018-1000511)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq ulikelogs" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:table "!@streq ulike" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230530,chain,phase:2,pass,nolog,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq metronet-tag-manager" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"setvar:'SESSION.wp_metronet=1',expirevar:'SESSION.wp_metronet=300',t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230531,chain,msg:'COMODO WAF: CSRF vulnerability in Metronet Tag Manager plugin version 1.2.7 for WordPress (CVE-2018-1000506)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq metronet-tag-manager" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_metronet "!@eq 1" \
"chain,t:none"
SecRule &ARGS_POST:gtm-code-head|&ARGS_POST:gtm-code "@ge 1" \
"chain,t:none"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:230540,chain,msg:'COMODO WAF: OS command injection vulnerability in Plainview Activity Monitor plugin 20161228 for WordPress (CVE-2018-15877)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq plainview_activity_monitor" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:ip "@contains |" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_BASENAME "@streq admin.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230580,chain,phase:2,pass,nolog,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp_file_manager_root" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_file_manager=1',expirevar:'SESSION.wp_file_manager=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230581,chain,msg:'COMODO WAF: CSRF vulnerability in File Manager plugin 3.0 for WordPress (CVE-2018-16966)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:wp_file_manager "!@eq 1" \
"chain,t:none"
SecRule &ARGS_POST:public_path "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq wp_file_manager_root" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230640,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpfastestcacheoptions" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_wpfastestcache=1',expirevar:'SESSION.wp_wpfastestcache=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230641,chain,msg:'COMODO WAF: CSRF vulnerability in WP Fastest Cache 0.8.8.5 plugin for WordPress (CVE-2018-17584)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:wp_wpfastestcache "!@eq 1" \
"chain,t:none"
SecRule &ARGS_POST:wpFastestCachePage "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq wpfastestcacheoptions" \
"t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230790,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq slimconfig" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_slimconfig=1',expirevar:'SESSION.wp_slimconfig=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:230791,chain,msg:'COMODO WAF: CSRF vulnerability in Slimstat Analytics 4.7.8.3 plugin for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq slimconfig" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_slimconfig "!@eq 1" \
"chain,t:none"
SecRule REQUEST_METHOD "@streq post" \
"t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:230840,chain,msg:'COMODO WAF: Unrestricted file upload vulerability in Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress (CVE-2018-18461)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq bft_messages" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule FILES "@rx \.(?:(?:p|s|x|d)?h(?:p[2-7s]?|(?:tm)?l?)|dll|exe|js|p(?:l|y)|rb|sh|cgi|com|bat|aspx?)" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:232090,chain,msg:'COMODO WAF: SQL injection vulnerability in Arigato Autoresponder and News letter plugin 2.5.1.8 for WordPress (CVE-2018-1002000)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq bft_list" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:del_ids "!@rx ^[\d\,]+?$" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:232130,chain,msg:'COMODO WAF: Open redirect vulnerability in Ninja Forms plugin before 3.3.19.1 for WordPress (CVE-2018-19796)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:action "@streq nf_download_all_subs" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:args[redirect] "@beginsWith http" \
"t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:232180,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq two-factor-auth-user" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_two-factor=1',expirevar:'SESSION.wp_two-factor=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:232181,chain,msg:'COMODO WAF: CSRF vulnerability in two-factor-authentication plugin before 1.3.13 for WordPress (CVE-2018-20231)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:tfa_enable_tfa "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq two-factor-auth-user" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_two-factor "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:232200,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq my_keywords_settings_importer" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_Tooltipy=1',expirevar:'SESSION.wp_Tooltipy=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:232201,chain,msg:'COMODO WAF: CSRF vulnerability in Tooltipy plugin 5.0 for WordPress (CVE-2018-1000505)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:bluet_posttypes_list "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq my_keywords_settings_importer" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_Tooltipy "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:232250,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@beginsWith block-hide-adsense-ads-for-specific-countries" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.Hide_Adsense=1',expirevar:'SESSION.Hide_Adsense=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:232251,chain,msg:'COMODO WAF: CSRF vulnerability Hide Adsense Ads for specific countries plugin 1.5 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:Hide_Adsense "!@eq 1" \
"chain,t:none"
SecRule &ARGS_POST:haa_country_hide[] "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@beginsWith block-hide-adsense-ads-for-specific-countries" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:232470,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq formcraft_basic_dashboard" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.smartforms=1',expirevar:'SESSION.smartforms=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:232471,chain,msg:'COMODO WAF: CSRF vulnerability in Smart Forms plugin before 1.2.2 for WordPress (CVE-2019-5920)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq formcraft_basic_form_save" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:smartforms "!@eq 1" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:232570,chain,msg:'COMODO WAF: File upload and RCE vulnerabilities in Slider Revolution Plugin for WordPress (CVE-2014-9735)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:client_action "@ge 1" \
"chain,t:none"
SecRule &ARGS_POST:data "@gt 0" \
"chain,t:none"
SecRule ARGS_POST:action "@streq revslider_ajax_action" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:233390,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp-open-graph" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"setvar:'SESSION.wp_wp-open-graph=1',expirevar:'SESSION.wp_wp-open-graph=300',t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:233391,chain,msg:'COMODO WAF: CSRF vulnerability in WP Open Graph 1.6.1 and earlier for WordPress (CVE-2019-5960)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:wp_wp-open-graph "!@eq 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq wp-open-graph" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &ARGS_POST:/^wpog_options\[/ "@ge 1" \
"chain,t:none"
SecRule REQUEST_BASENAME "@streq options-general.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:233400,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq nm_woostore" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_nm_woostore=1',expirevar:'SESSION.wp_nm_woostore=300',t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:233401,chain,msg:'COMODO WAF: CSRF vulnerability in Personalized WooCommerce Cart Page plugin 2.4 and earlier for WordPress (CVE-2019-5979)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:wp_nm_woostore "!@eq 1" \
"chain,t:none"
SecRule ARGS_POST:action "@streq nm_woostore_save_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:233420,chain,msg:'COMODO WAF: Unrestricted file upload Vulnerability in SupportCandy plugin through 2.0.0 for WordPress (CVE-2019-11223)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS:setting_action "@ge 1" \
"chain,t:none"
SecRule ARGS:action "@streq wpsc_tickets" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule FILES "@rx \.(?:(?:p|s|x|d)?h(?:p[2-7s]?|(?:tm)?l?)|dll|exe|js|p(?:l|y)|rb|sh|cgi|com|bat|aspx?)" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:233450,chain,phase:2,pass,nolog,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq templates" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:post_type "@streq wpdmpro" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_download_manager=1',expirevar:'SESSION.wp_download_manager=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:233451,chain,msg:'COMODO WAF: CSRF vulnerability in WordPress Download Manager Plugin 2.9.96 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:action "@streq wpdm_save_email_setting" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_download_manager "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:233480,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq bookings" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.bookings=1',expirevar:'SESSION.bookings=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:233481,chain,msg:'COMODO WAF: CSRF vulnerability in Bookings Plugin 6.0.4 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:action "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq bookings" \
"chain,t:none,t:lowercase"
SecRule &SESSION:bookings "!@eq 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:233520,chain,phase:2,pass,nolog,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq daf_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.daf_user=1',expirevar:'SESSION.daf_user=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:233521,chain,msg:'COMODO WAF: CSRF vulnerability in Deny All Firewall plugin 1.1.6 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq daf_options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:daf_user "!@eq 1" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:233540,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_URI "@contains /index.php/account/" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_um_account=1',expirevar:'SESSION.wp_um_account=300',t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:233541,chain,msg:'COMODO WAF: CSRF vulnerability in Ultimate Member plugin before 2.0.40 for WordPress (CVE-2019-10673)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:wp_um_account "!@eq 1" \
"chain,t:none"
SecRule &ARGS_POST:_um_account "@ge 1" \
"chain,t:none"
SecRule REQUEST_URI "@contains /index.php/account/" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:233580,chain,msg:'COMODO WAF: XSS vulnerability in Form Maker plugin v1.13.3 for WordPress (CVE-2019-10866)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq submissions_fm" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:asc_or_desc "!@within asc desc" \
"t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:233610,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq simple_wp_membership" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.simple_wp_membership=1',expirevar:'SESSION.simple_wp_membership=300',t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:233611,chain,msg:'COMODO WAF: CSRF vulnerability in Simple Membership plugin before 3.8.5 for WordPress (CVE-2019-14328)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:simple_wp_membership "!@eq 1" \
"chain,t:none"
SecRule ARGS_GET:member_action "@streq bulk" \
"chain,t:none,t:lowercase"
SecRule &ARGS_POST:/^swpm_bulk_/ "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq simple_wp_membership" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:233630,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq custom-simple-rss-admin-options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_custom-simple-rss=1',expirevar:'SESSION.wp_custom-simple-rss=300',t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:233631,chain,msg:'COMODO WAF: CSRF vulnerability in Custom Simple Rss plugin 2.0.6 for WordPress (CVE-2019-14327)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:wp_custom-simple-rss "!@eq 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq custom-simple-rss-admin-options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &ARGS_POST:/^csrp_post_/ "@ge 1" \
"t:none"
SecRule &SESSION:wp_session "@ge 1" \
"id:233660,chain,phase:2,pass,nolog,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq espresso_general_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.espresso_user=1',expirevar:'SESSION.espresso_user=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:233661,chain,msg:'COMODO WAF: CSRF vulnerability in Event Espresso 4 Decaf plugin 4.9.82.decaf for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:page "@streq espresso_general_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:action "@within espresso_add_new_state espresso_delete_state" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:espresso_user "!@eq 1" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:233710,chain,msg:'COMODO WAF: XSS vulnerability in Simple Mail Address Encoder plugin 1.6.1 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq smae" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:fwurl "@contains '" \
"t:none,t:base64Decode"
SecRule TX:WordPress "@eq 1" \
"id:233730,chain,msg:'COMODO WAF: SQL injection vulnerability in FV Flowplayer Video Player plugin 7.3.18.727 and below for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq fv_player" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:orderby|ARGS_GET:order "!@within player_name id date_created desc asc" \
"t:none,t:lowercase,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:233780,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp-code-highlight-js" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_highlight-js=1',expirevar:'SESSION.wp_highlight-js=300',t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:233781,chain,msg:'COMODO WAF: CSRF vulnerability in wp-code-highlightjs plugin through 0.6.2 for WordPress (CVE-2019-12934)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:wp_highlight-js "!@eq 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq wp-code-highlight-js" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &ARGS_POST:/^hljs_/ "@ge 1" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:233830,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp-google-maps-menu-settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_google_maps=1',expirevar:'SESSION.wp_google_maps=300',t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:233831,chain,msg:'COMODO WAF: CSRF vulnerability in WP Google Maps plugin 7.11.27 and below for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq wpgmza_settings_page_post" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule &SESSION:wp_google_maps "!@eq 1" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:233840,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wpmem-settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wpmem_user=1',expirevar:'SESSION.wpmem_user=300',t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:233841,chain,msg:'COMODO WAF: CSRF vulnerability in WP-Members Membership plugin 3.2.7 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:wpmem_admin_a|&ARGS_POST:delete_fields "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq wpmem-settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wpmem_user "!@eq 1" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:233850,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq wp-add-mime-types/includes/admin.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp-add-mime-types-user=1',expirevar:'SESSION.wp-add-mime-types-user=300',t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:233851,chain,msg:'COMODO WAF: CSRF vulnerability in WP Add Mime Types plugin 2.2.1 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:mime_type_values "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq wp-add-mime-types/includes/admin.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp-add-mime-types-user "!@eq 1" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:233970,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq acfbs_admin_page" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.ACF_Better_Search_user=1',expirevar:'SESSION.ACF_Better_Search_user=300',t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:233971,chain,msg:'COMODO WAF: CSRF vulnerability in ACF Better Search plugin 3.3.0 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:acfbs_save "@ge 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq acfbs_admin_page" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:ACF_Better_Search_user "!@eq 1" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:233980,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq nd-booking-settings-orders" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.nd_booking_user=1',expirevar:'SESSION.nd_booking_user=300',t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:233981,chain,msg:'COMODO WAF: CSRF vulnerability in Booking 2.5 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq nd-booking-settings-orders" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &ARGS_POST:nd_booking_delete_order_id|&ARGS_POST:nd_booking_order_id "@eq 1" \
"chain,t:none"
SecRule &SESSION:nd_booking_user "!@eq 1" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:234060,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq one-click-ssl" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_ocssl=1',expirevar:'SESSION.wp_ocssl=300',t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:234061,chain,msg:'COMODO WAF: CSRF vulnerability in one-click-ssl plugin before 1.4.7 for WordPress (CVE-2019-15828)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:/^ocssl_/ "@ge 1" \
"chain,t:none"
SecRule &SESSION:wp_ocssl "!@eq 1" \
"chain,t:none"
SecRule REQUEST_BASENAME "@streq admin.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:234070,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq ahc_hits_counter_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_ahc_hits=1',expirevar:'SESSION.wp_ahc_hits=300',t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:234071,chain,msg:'COMODO WAF: CSRF vulnerability in visitors-traffic-real-time-statistics plugin before 1.13 for WordPress (CVE-2019-15832)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq ahc_hits_counter_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &ARGS_POST:/^set_/ "@ge 1" \
"chain,t:none"
SecRule &SESSION:wp_ahc_hits "!@eq 1" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:234080,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_METHOD "@streq get" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:page "@beginsWith wpam-" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule MATCHED_VAR "@rx ^wpam-(?:manage-payouts|admin-functions|settings|creatives|newaffiliate)$" \
"setvar:'SESSION.wp_wpam=1',expirevar:'SESSION.wp_wpam=300',t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:234081,chain,msg:'COMODO WAF: CSRF vulnerability in affiliates-manager plugin before 2.6.6 for WordPress (CVE-2019-15868)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &SESSION:wp_wpam "!@eq 1" \
"chain,t:none"
SecRule REQUEST_METHOD "@streq post" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:page "@beginsWith wpam-" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule MATCHED_VAR "@rx ^wpam-(?:manage-payouts|admin-functions|settings|creatives|newaffiliate)$" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:234130,chain,msg:'COMODO WAF: SQLi vulnerability in Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress (CVE-2019-13569)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq es_subscribers" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:filter_by_list_id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:234131,chain,msg:'COMODO WAF: SQLi vulnerability in Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress (CVE-2019-13569)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@within es_subscribers es_forms es_campaigns es_reports" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:order "!@within desc asc" \
"t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:234150,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq handl-utm-grabber.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_handl-utm=1',expirevar:'SESSION.wp_handl-utm=300',t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:234151,chain,msg:'COMODO WAF: CSRF vulnerability in handl-utm-grabber plugin before 2.6.5 for WordPress (CVE-2019-15769)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:hug_append_all "@ge 1" \
"chain,t:none"
SecRule &SESSION:wp_handl-utm "!@eq 1" \
"chain,t:none"
SecRule ARGS_POST:option_page "@streq handl-utm-grabber-settings-group" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:234330,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@beginsWith cforms2/cforms-" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_cforms2=1',expirevar:'SESSION.wp_cforms2=300',t:none,t:lowercase"
SecRule &SESSION:wp_session "@ge 1" \
"id:234331,chain,msg:'COMODO WAF: CSRF vulnerability in cforms2 plugin before 15.0.2 for WordPress (CVE-2019-15238)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:/^cforms_/ "@ge 1" \
"chain,t:none"
SecRule &SESSION:wp_cforms2 "!@eq 1" \
"chain,t:none"
SecRule ARGS_GET:page "@rx ^cforms2\/cforms-(?:options|global-settings)\.php$" \
"t:none,t:urlDecodeUni,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234360,chain,phase:2,pass,nolog,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@endsWith wpussc-option.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_wpussc=1',expirevar:'SESSION.wp_wpussc=300',t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:234361,chain,msg:'COMODO WAF: CSRF vulnerability in Ultra Simple Paypal Shopping Cart v4.4 and earlier plugin for WordPress (CVE-2019-5992)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:cart_paypal_email "@ge 1" \
"chain,t:none"
SecRule &SESSION:wp_wpussc "!@eq 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq wp-ultra-simple-paypal-shopping-cart/wpussc-option.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:234370,chain,msg:'COMODO WAF: XSS vulnerability in liquid-speech-balloon plugin before 1.0.5 for WordPress (CVE-2019-17070)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:option_page "@streq liquid_speech_balloon_group" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/^liquid_speech_balloon_/ "@rx \x60|\x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234420,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@endsWith edsanimate.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.wp_animate=1',expirevar:'SESSION.wp_animate=300',t:none,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:234421,chain,msg:'COMODO WAF: CSRF vulnerability in animate-it plugin before 2.3.6 for WordPress (CVE-2019-17386)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:/^eds_/ "@ge 1" \
"chain,t:none"
SecRule &SESSION:wp_animate "!@eq 1" \
"chain,t:none"
SecRule ARGS_GET:page "@streq animate-it/edsanimate.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecMarker WPPlugin_Skip_URF_227561
SecRule REQUEST_FILENAME "@rx \.(?:php|js|p|pl|sh|py)$" \
"id:220250,chain,msg:'COMODO WAF: File upload vulnerability in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress (CVE-2013-5963)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:lowercase,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@rx \/wp-content\/uploads\/wpdb\/" \
"t:none"
SecRule REQUEST_FILENAME "@rx /wp-content/plugins/complete-gallery-manager/frames/upload-images\.php" \
"id:220280,chain,msg:'COMODO WAF: File upload vulnerability in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress (CVE-2013-5962)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule FILES_NAMES "@rx .+\.(?:php|js|p|pl|sh|py|java)$" \
"t:lowercase"
SecRule REQUEST_FILENAME "@endsWith wp-content/plugins/wp-easycart/inc/admin/phpinfo.php" \
"id:222160,msg:'COMODO WAF: Information disclosure vulnerability in The EasyCart plugin before 2.0.6 for WordPress (CVE-2014-4942)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalizePath,t:removeWhitespace,t:lowercase,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@contains wp-content/plugins/wordpress-mobile-pack/export/content.php" \
"id:222220,chain,msg:'COMODO WAF: Information disclosure vulnerability in the WordPress Mobile Pack plugin before 2.0.2 for WordPress (CVE-2014-5337)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,multiMatch,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:content "@streq exportarticles" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &ARGS:callback "!eq 0"
SecRule REQUEST_FILENAME "@endsWith blipbot.ajax.php" \
"id:226040,chain,msg:'COMODO WAF: XSS vulnerability in the WP BlipBot plugin 3.0.9 and earlier for WordPress (CVE-2014-4580)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:BlipBotID "@rx [^\w\-\.:]" \
"t:none,t:urlDecodeUni,t:htmlEntityDecode,multiMatch"
SecRule REQUEST_FILENAME "@contains /server/php/" \
"id:226070,chain,msg:'COMODO WAF: Shell Upload Vulnerability WP Symposium plugin 14.11 for WordPress (CVE-2014-10021)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,multiMatch,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST_NAMES "@rx uploader_(uid|url)" \
"chain,t:none,t:urlDecodeUni,t:lowercase,multiMatch"
SecRule FILES "@rx \.(?:php|js|pl)(?:\.|$)" \
"t:none,t:urlDecodeUni,t:lowercase,multiMatch"
SecRule REQUEST_FILENAME "@endsWith frame-maker.php" \
"id:226170,chain,msg:'COMODO WAF: Multiple XSS vulnerabilities in the Walk Score plugin 0.5.5 and earlier for WordPress (CVE-2014-4573)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:s|ARGS_GET:o "!@within small medium large vertical horizontal s m l v h" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith asset-studio/icons-launcher.php" \
"id:226190,chain,msg:'COMODO WAF: XSS vulnerability in the WP App Maker plugin 1.0.16.4 and earlier for WordPress (CVE-2014-4578)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:uid "!@rx ^[\w\-]{36}$"
SecRule REQUEST_FILENAME "@contains wp-content/plugins/wp-social-invitations/test.php" \
"id:226220,chain,msg:'COMODO WAF: XSS vulnerability in in the WP Social Invitations plugin before 1.4.4.3 for WordPress (CVE-2014-4597)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:xhrurl "!@streq http://www.example.com" \
"t:none,t:urlDecodeUni,t:compressWhitespace"
SecRule REQUEST_FILENAME "@endsWith vncal.js.php" \
"id:226230,chain,msg:'COMODO WAF: Multiple XSS vulnerabilities in the VN-Calendar plugin 1.0 and earlier for WordPress (CVE-2014-4571)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:w|ARGS_GET:fs "!@rx ^[\d\.]{0,20}$" \
"t:none"
SecRule ARGS_GET:icl_action "@streq reminder_popup" \
"id:226280,chain,msg:'COMODO WAF: XSS vulnerability in the WPML plugin before 3.1.9 for WordPress (CVE-2015-2315)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:target "@contains javascript" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith stageshow_redirect.php" \
"id:226830,chain,msg:'COMODO WAF: Open redirect vulnerability in the Redirect function in the StageShow plugin before 5.0.9 for WordPress (CVE-2015-5461)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:403,log,t:none,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_GET:url "@ge 1"
SecRule REQUEST_FILENAME "@endsWith simple-ads-manager/sam-ajax-admin.php" \
"id:226910,chain,msg:'COMODO WAF: Unrestricted file upload vulnerability in the Simple Ads Manager plugin before 2.5.96 for WordPress (CVE-2015-2825)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq upload_ad_image" \
"chain,t:none,t:lowercase"
SecRule FILES "!@rx \.(?:jpe?g|gif|bmp|png)$" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith reflex-gallery/admin/scripts/FileUploader/php.php" \
"id:226980,chain,msg:'COMODO WAF: Unrestricted file upload vulnerability in the ReFlex Gallery plugin before 3.1.4 for WordPress (CVE-2015-4133)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:Year|ARGS_GET:Month "@ge 1" \
"chain,t:none"
SecRule FILES "!@rx \.(?:jpe?g|gif|bmp|png)$" \
"t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith db-backup/download.php" \
"id:227070,chain,msg:'COMODO WAF: Directory traversal vulnerability in the DB Backup plugin 4.5 and earlier for WordPress (CVE-2014-9119)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:file "@rx ^\/|\.\." \
"t:none,t:urlDecodeUni,t:normalizePath"
SecRule ARGS_GET:page "@contains power_play_manage" \
"id:227090,chain,msg:'COMODO WAF: Unrestricted file upload vulnerability in the Powerplay Gallery plugin 3.3 for WordPress (CVE-2015-5681)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@contains admin.php" \
"chain,t:none,t:lowercase"
SecRule FILES_NAMES "album_img" \
"chain,t:none,t:lowercase"
SecRule FILES "!@rx \.(?:jpe?g|gif|bmp|png)$" \
"t:none,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith proxy.php" \
"id:227190,chain,msg:'COMODO WAF: Absolute path traversal vulnerability in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress (CVE-2015-5065)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:requrl "@rx ^(\.\.|\/)" \
"t:none"
SecRule REQUEST_FILENAME "@endsWith twentyfifteen/genericons/example.html" \
"id:227200,msg:'COMODO WAF: XSS vulnerability in Genericons before 3.3.1, as used in WordPress before 4.2.2 (CVE-2015-3429)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith lib/dp_image.php" \
"id:227220,chain,msg:'COMODO WAF: Directory traversal vulnerability in the DukaPress plugin before 2.5.4 for WordPress (CVE-2014-8799)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:src "@rx ^\/|\.\." \
"t:none,t:urlDecodeUni,t:normalizePath"
SecRule REQUEST_FILENAME "@endsWith library/clicktracker.php" \
"id:227500,chain,msg:'COMODO WAF: SQL injection vulnerability in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress (CVE-2014-1854)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:track "!@rx ^\d*," \
"t:none,t:base64Decode"
SecRule REQUEST_FILENAME "@contains inc/amfphp/administration/banneruploaderscript" \
"id:227830,chain,msg:'COMODO WAF: Unrestricted file upload vulnerability in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 for WordPress (CVE-2014-9308)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:normalizePath,t:urlDecodeUni,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule FILES "!@rx \.(?:jpe?g|gif|bmp|png)$" \
"t:none,t:lowercase"
SecRule &FILES "@ge 1" \
"id:228070,chain,msg:'COMODO WAF: Shell upload vulnerability in Gravity Forms 1.8.19 and earlier||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:gf_page "@streq upload" \
"chain,t:none"
SecRule &ARGS:form_id "@ge 1" \
"chain,t:none"
SecRule &ARGS_POST:field_id "@ge 1" \
"chain,t:none"
SecRule ARGS:name "@rx \.(?:php\d?|js|p(?:l|y)|rb|sh|(?:p|s|x|d)?html?\d?|asp|exe|dll|com|htaccess)$" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith infusionsoft/utilities/code_generator.php" \
"id:228080,msg:'COMODO WAF: Arbitrary File Upload and Arbitrary PHP Code Execution in the Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress (CVE-2014-6446)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_URI "@contains /wp-content/plugins/" \
"id:228400,chain,msg:'COMODO WAF: Absolute path traversal vulnerability in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress (CVE-2014-4577)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,t:urlDecodeUni,t:normalizePath,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith reviews.php" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:url "@rx ^[\\\/]" \
"t:none,t:urlDecodeUni,t:normalizePath"
SecRule ARGS_POST:action "@pm miglaA_update_me wpgdprc_process_action" \
"id:230970,chain,msg:'COMODO WAF: Arbitrary Code Execution vulnerability in WP GDPR Compliance plugin before 1.4.3 and Total Donations plugin through 2.0.5 for WordPress (CVE-2018-19207, CVE-2019-6703)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:data "@pm administrator editor users_can_register" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:page "@streq disqus" \
"id:232590,chain,msg:'COMODO WAF: XSS vulnerability in Disqus Comment System plugin before 2.76 for WordPress (CVE-2014-5347)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:disqus_replace "!@pm all closed" \
"chain,t:none"
SecRule REQUEST_FILENAME "@endsWith wp-admin/edit-comments.php" \
"t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule &ARGS_GET:swp_url "@ge 1" \
"id:232920,chain,msg:'COMODO WAF: RFI vulnerability in social warfare plugin before 3.5.3 for WordPress(CVE-2019-9978)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_GET:swp_debug "@ge 1" \
"chain,t:none"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-post.php" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule &ARGS_GET:/^adaptive-images-settings/ "@ge 1" \
"id:233590,chain,msg:'COMODO WAF: LFI vulnerability in Nevma Adaptive Images plugin before 0.6.67 for WordPress (CVE-2019-14205 and CVE-2019-14206)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@contains /wp-content/uploads/" \
"chain,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule ARGS_GET:adaptive-images-settings[source_file]|ARGS_GET:adaptive-images-settings[cache_dir] "@rx \.\.\/|^\/" \
"t:none,t:urlDecodeUni"
SecRule ARGS_GET:page "@beginsWith wppcp-" \
"id:234160,chain,msg:'COMODO WAF: Privilege escalation vulnerability in wp-private-content-plus plugin before 2.0 for WordPress (CVE-2019-15816)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule MATCHED_VAR "@rx ^wppcp-(?:(?:search-|password-|upme-|security-)?settings(?:-page)?|global-restrictions)$" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &TX:WordPress "@eq 0" \
"chain,t:none"
SecRule REQUEST_FILENAME "@endsWith wp-admin/admin.php" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:RelayState "@streq testvalidate" \
"id:233280,chain,msg:'COMODO WAF: XSS vulnerability in miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress (CVE-2019-12346)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:SAMLResponse "@contains <" \
"t:none,t:base64Decode,t:urlDecodeUni"
SecRule ARGS_GET:page "@streq owp_setup" \
"id:234260,chain,msg:'COMODO WAF: Privilege escalation vulnerability in Ocean Extra plugin through 1.5.8 for WordPress (CVE-2019-16250)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &TX:WordPress "@eq 0" \
"chain,t:none"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-post.php" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS:page|ARGS:option_page "@streq bt_bb_settings" \
"id:234280,chain,msg:'COMODO WAF: Privilege escalation vulnerability in bold-page-builder plugin before 2.3.2 for WordPress (CVE-2019-15821)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &TX:WordPress "@eq 0" \
"chain,t:none"
SecRule REQUEST_FILENAME "@rx \/wp-admin\/options(?:-general)?\.php$" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:page "@streq search_exclude" \
"id:234290,chain,msg:'COMODO WAF: Privilege escalation vulnerability in Search Exclude plugin before 1.2.4 for WordPress (CVE-2019-15895)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &TX:WordPress "@eq 0" \
"chain,t:none"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/options-general.php" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:page "@streq lolmi-settings" \
"id:234320,chain,msg:'COMODO WAF: Privilege escalation vulnerability in login-or-logout-menu-item plugin before 1.2.0 for WordPress (CVE-2019-15820)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &TX:WordPress "@eq 0" \
"chain,t:none"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/options-general.php" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:234600,chain,msg:'COMODO WAF: XSS vulnerability in breadcrumbs-by-menu plugin before 1.0.3 for WordPress (CVE-2019-15865)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq breadcrumbs_by_menu_settings" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:bcbm_root_item_text|ARGS_POST:bcbm_separator "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234610,chain,msg:'COMODO WAF: Injection vulnerability in codepress-admin-columns plugin 3.4.6 for WordPress (CVE-2019-17661)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS_POST:createuser|&ARGS_POST:user_id "@ge 1" \
"chain,t:none"
SecRule ARGS_POST:first_name|ARGS_POST:last_name "@rx (?:\x27|\x60)" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234630,chain,msg:'COMODO WAF: XSS vulnerability in Blog2Social plugin before 5.9.0 for WordPress (CVE-2019-17550)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq blog2social-calendar" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:b2s_id "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234640,chain,msg:'COMODO WAF: XSS vulnerability in Cleantalk-spam-protect plugin before 5.127.4 for WordPress (CVE-2019-17515)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@within ct_check_spam ct_check_users" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:from|ARGS_GET:till "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234650,chain,msg:'COMODO WAF: Unrestricted file upload vulerability in Social Photo Gallery plugin 1.0 for WordPress (CVE-2019-14467)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq add-album" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:lowercase"
SecRule FILES "@rx \.(?:(?:p|s|x|d)?h(?:p[2-7s]?|(?:tm)?l?)|dll|exe|js|p(?:l|y)|rb|sh|cgi|com|bat|aspx?)" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:WordPress "@eq 1" \
"id:234660,chain,msg:'COMODO WAF: RCE vulnerability in Tribulant Newsletters plugin before 4.6.19 for WordPress (CVE-2019-14788)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq newsletters_exportmultiple" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:/^subscribers\[\d/ "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234670,chain,msg:'COMODO WAF: LFI vulnerability in Tribulant Newsletters plugin before 4.6.19 for WordPress (CVE-2019-14788)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:action "@streq newsletters_exportmultiple" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:exportfile "@contains ../" \
"t:none,t:urlDecodeUni"
SecRule &ARGS_POST:Export_Submit "@ge 1" \
"id:234680,chain,msg:'COMODO WAF: Privilege escalation vulnerability in ultimate-faqs plugin through 1.8.24 for WordPress (CVE-2019-17232)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq ewd-ufaq-options" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_BASENAME "@streq admin.php" \
"chain,t:none,t:lowercase"
SecRule &TX:WordPress "@eq 0" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:234690,chain,msg:'COMODO WAF: SQLi vulnerability in Sygnoos Popup Builder plugin before 3.45 for WordPress (CVE-2019-14695)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq sgpbsubscribers" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:orderby "@rx \W" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234700,chain,msg:'COMODO WAF: SQLi vulnerability in ninja-forms plugin before 3.3.21.2 for WordPress (CVE-2019-15025)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:post_type "@streq nf_sub" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:form_id|ARGS_GET:nf_form_filter|ARGS_GET:begin_date|ARGS_GET:end_date "!@rx (?:^[\w\/\-]+$|^$)" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234710,chain,msg:'COMODO WAF: XSS vulnerability in Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress (CVE-2019-19306)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq create-leadform-builder" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:module|ARGS_GET:EditShortcode|ARGS_GET:LayoutName "@contains <" \
"t:none,t:urlDecodeUni"
SecRule ARGS_POST:action "@streq fv_wp_flowplayer_email_signup" \
"id:234720,chain,msg:'COMODO WAF: SQLi vulnerability in FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress (CVE-2019-14801)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_BASENAME "@streq admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:list|ARGS_POST:email "@rx [^\w\-\.@]" \
"t:none,t:urlDecodeUni"
SecRule TX:WordPress "@eq 1" \
"id:234730,chain,msg:'COMODO WAF: SQLi vulnerability in Xpert Solution Server Status by Hostname/IP plugin 4.6 for WordPress (CVE-2019-12570)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq all-servers" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:WordPress "@eq 1" \
"id:234740,chain,msg:'COMODO WAF: LFI vulnerability in ad-inserter plugin before 2.4.20 for WordPress (CVE-2019-15323)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:action "@streq ai_ajax_backend" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:image "@contains ../" \
"t:none,t:urlDecodeUni"
SecRule &ARGS_POST:cid "@ge 1" \
"id:234750,chain,msg:'COMODO WAF: Unrestricted file upload vulnerability in WP Live Chat Support Pro plugin through 8.0.26 for WordPress (CVE-2019-11185)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith wp-json/wp_live_chat_support/v1/remote_upload" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule FILES "@rx \.(?:(?:p|s|x|d)?h(?:p[2-7s]?|(?:tm)?l?)|dll|exe|js|p(?:l|y)|rb|sh|cgi|com|bat|aspx?)" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule REQUEST_FILENAME "@endsWith wp-admin/admin.php" \
"id:211360,chain,msg:'Path traversal vulnerability in Medoa from FTP||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,t:none,t:urlDecode,t:normalizePath,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_GET:page "@streq mediafromftp-search-register" \
"chain,t:none"
SecRule ARGS_POST:searchdir "@contains /../../" \
"t:none,t:urlDecode,t:normalizePath"
SecRule ARGS_POST:action "@contains wp-content/plugins/myeasybackup/meb_download.php" \
"id:234760,chain,msg:'COMODO WAF: Directory Traversal vulnerability in myEASYbackup 1.0.8.1 for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,t:none,t:urlDecode,t:normalizePath,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS_POST:dwn_file "@contains ../" \
"t:none,t:urlDecode,t:normalizePath"
SecRule REQUEST_FILENAME "@contains /admin-ajax.php" \
"id:234770,chain,msg:'COMODO WAF: Path traversal in MapPress Maps before 2.53.9 plugin for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,block,log,t:none,t:urlDecodeUni,t:normalizePath,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:action "@rx mapp_tpl_(?:delete|save|get)" \
"chain,t:none,t:urlDecodeUni"
SecRule ARGS:name "@rx \.\.\/\.\.\/" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@contains /admin-ajax.php" \
"id:234780,chain,msg:'COMODO WAF: RFI vulnerability in the Widget Importer & Exporter plugin for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,block,log,t:none,t:urlDecodeUni,t:normalizePath,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:action "@streq import_widget_data" \
"chain,t:none,t:urlDecode"
SecRule ARGS:name "@rx (?:ht|f)tps?\:\/\/" \
"t:none,t:urlDecodeUni,t:normalizePath"
SecRule REQUEST_METHOD "@streq POST" \
"id:234800,chain,msg:'COMODO WAF: Elementor Pro < 2.9.4 - Authenticated Arbitrary File Upload||%{tx.domain}|%{tx.mode}|2',phase:2,deny,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@contains /wp-admin/admin-ajax.php" \
"chain,t:none,t:urlDecodeUni,t:normalizePath,t:htmlEntityDecode"
SecRule ARGS:action "@streq elementor_ajax" \
"chain,t:none,t:urlDecode"
SecRule REQUEST_HEADERS:Referer "@contains /wp-admin/post-new.php?post_type=elementor_icons" \
"chain,t:none,t:urlDecode,t:htmlEntityDecode,t:normalizePath"
SecRule REQUEST_BODY "@rx \x22pro_assets_manager_custom_icon_upload\x22:\{\x22action\x22:\x22pro_assets_manager_custom_icon_upload\x22" \
"chain,t:none,t:urlDecode,t:htmlEntityDecode,t:compressWhitespace"
SecRule FILES "@rx \.(zip|php\d?|p?html)$" \
"t:none,t:urlDecode"
SecRule REQUEST_FILENAME "@contains /wp-admin/admin.php" \
"id:234810,chain,msg:'XSS in WordPress Plugin WooCommerce Product Feed before2.2.18||%{tx.domain}|%{tx.mode}|2',phase:2,deny,t:none,t:urlDecode,t:normalizePath,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:page "@streq woo_feed_manage_feed" \
"chain,t:none,t:urlDecode"
SecRule ARGS:link "@rx \x3e\x3c" \
"t:none,t:urlDecode,t:htmlEntityDecode,t:compressWhitespace"
SecRule REQUEST_FILENAME "@contains /wp-admin/admin.php" \
"id:234820,chain,msg:'COMODO WAF: Wordpress Plugin Ajax Load More 5.3.1 Authenticated SQL Injection||%{tx.domain}|%{tx.mode}|2',phase:2,block,log,t:none,t:normalizePath,t:urlDecode,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:page "@streq ajax-load-more-repeaters" \
"chain,t:none,t:urlDecode"
SecRule ARGS:repeater "@contains '" \
"t:none,t:urlDecode,t:htmlEntityDecode"
SecRule REQUEST_METHOD "@streq POST" \
"id:234830,chain,msg:'COMODO WAF: XSS Vulnerability in Yes-co ORES for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,block,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@contains /admin-ajax.php" \
"chain,t:none,t:normalizePath"
SecRule ARGS:action "@streq setsetting" \
"chain,t:none"
SecRule ARGS:yog_google_maps_api_key "@rx \x22" \
"t:none,t:htmlEntityDecode"
SecRule REQUEST_METHOD "@streq POST" \
"id:234840,chain,msg:'COMODO WAF: XSS vulnerability in WP Google Maps||%{tx.domain}|%{tx.mode}|2',phase:2,block,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@contains /wp-admin/" \
"chain,t:none,t:normalizePath"
SecRule ARGS:action "@streq setsetting" \
"chain,t:none"
SecRule ARGS:rectangle_opacity|ARGS:rectangle_name "@rx \x22" \
"t:none,t:htmlEntityDecode"
SecRule REQUEST_FILENAME "@contains /wp-admin/options-general.php" \
"id:234850,chain,msg:'COMODO WAF: Reflected XSS in Blubrry subscribe-sidebar plugin 1.3.1 for WordPress (2020-25033)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,t:none,t:normalizePath,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:page "@contains subscribe_sidebar.php" \
"chain,t:none,t:htmlEntityDecode"
SecRule ARGS:status "@contains <" \
"t:none,t:htmlEntityDecode"
SecRule REQUEST_URI "@contains /nexos-wp/" \
"id:234860,chain,msg:'COMODO WAF: SQL Injection in The Nexos theme through 1.7 for WordPress (CVE-2020-15363)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,t:none,t:normalizePath,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:search_order|ARGS:search_location "@rx \x22" \
"t:none,t:htmlEntityDecode"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin.php" \
"id:234870,chain,msg:'COMODO WAF: XSS vulnerability in RSS feed widget V2.7.9 for WordPress (CVE-2020-24314)||%{tx.domain}|%{tx.mode}|2',phase:2,block,log,t:normalizePath,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:page "@streq rfw_options" \
"chain,t:none"
SecRule ARGS:t "@rx \x22<" \
"t:none,t:htmlEntityDecode"
SecRule REQUEST_FILENAME "@contains /wp-admin/options-general.php" \
"id:234880,chain,msg:'COMODO WAF: XSS vulnerability in Subscribe Sidebar plugin for WordPress (CVE-2020-25033)||%{tx.domain}|%{tx.mode}|2',phase:2,block,log,t:none,t:normalizePath,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:page "@streq subscribe_sidebar.php" \
"chain,t:none,t:htmlEntityDecode"
SecRule ARGS:status "@rx <script" \
"t:none,t:htmlEntityDecode"
SecRule REQUEST_FILENAME "@contains /wp-admin/admin.php" \
"id:234890,chain,msg:'COMODO WAF: XSS vulnerability in ultimate appointment V1.1.9 for WordPress (CVE-2020-24313)||%{tx.domain}|%{tx.mode}|2',phase:2,block,log,t:none,t:normalizePath,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:page "@streq EWD-UASP-options" \
"chain,t:none"
SecRule ARGS:Action "@streq EWD_UASP_AppointmentDetails" \
"chain,t:none"
SecRule ARGS:Appointment_ID "@rx \x22<" \
"t:none,t:urlDecode"
SecRule REQUEST_FILENAME "@contains /nexos-wp/top-map/" \
"id:234900,chain,msg:'COMODO WAF: XSS vulnerability in nexos real estate theme for WordPress (2020-15364)||%{tx.domain}|%{tx.mode}|2',phase:2,block,log,t:normalizePath,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule &ARGS:search_order "@gt 0" \
"chain,t:none"
SecRule ARGS:search_location "@rx \x22<" \
"t:none,t:htmlEntityDecode"
SecRule REQUEST_METHOD "^POST$" \
"id:234910,chain,msg:'COMODO WAF: XSS in cm-download-manager plugin before 2.8.0 for WordPress (CVE-2020-27344)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_URI "@contains /cmdownload/add/" \
"chain,t:none,t:normalizePath"
SecRule REQUEST_HEADERS:Content-Disposition "@rx filename=\x22[^\<]{0,32}\<" \
"t:none"
SecRule REQUEST_METHOD "^POST$" \
"id:234920,chain,msg:'COMODO WAF: Unauthenticated stored XSS in Loginizer 1.3.8-1.3.9 plugin for WordPress (CVE-2018-11366)||%{tx.domain}|%{tx.mode}|2',phase:2,block,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_BASENAME "wp-login\.php" \
"chain,t:none"
SecRule ARGS:log "!@rx ^$" \
"chain,t:none"
SecRule ARGS:pwd "!@rx ^$" \
"chain,t:none"
SecRule ARGS "\<script\>" \
"t:none,t:htmlEntityDecode"
SecRule REQUEST_FILENAME "\/lib\/php\/connector\.minimal\.php$" \
"id:234930,msg:'COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||%{tx.domain}|%{tx.mode}|2',phase:2,block,t:none,t:normalizePath,t:htmlEntityDecode,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin.php" \
"id:234940,chain,msg:'COMODO WAF: XSS in Store/AccessPress Themes WP Floating Menu V1.3.0 for WordPress (CVE-2020-25378)||%{tx.domain}|%{tx.mode}|2',phase:2,block,t:none,t:normalizePath,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:page "@streq wpfm-admin" \
"chain,t:none"
SecRule ARGS:id "\x22" \
"t:none,t:htmlEntityDecode"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/post.php" \
"id:234950,chain,msg:'COMODO WAF: XSS vulnerability in Testimonial Rotator 3.0.2 plugin for WordPress (CVE-2020-26672)||%{tx.domain}|%{tx.mode}|2',phase:2,block,t:none,t:normalizePath,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:cite "@contains <script" \
"t:none"
SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin.php" \
"id:234960,chain,msg:'COMODO WAF: XSS in recall products v0.8 plugin for WordPress (CVE-2020-25380)||%{tx.domain}|%{tx.mode}|2',phase:2,block,t:none,t:normalizePath,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:page "@streq recall-add" \
"chain,t:none"
SecRule ARGS:/recall/ "@contains <script" \
"t:none"
SecRule REQUEST_METHOD "@streq POST" \
"id:226002,chain,msg:'COMODO WAF: SQL Injection vulnerability in Good Layers LMS Plugin before 2.1.4 for WordPress (CVE-2020-27481)||%{tx.domain}|%{tx.mode}|2',phase:2,block,t:none,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_FILENAME "@contains /wp-admin/admin-ajax.php" \
"chain,t:none,t:normalizePath"
SecRule ARGS:action "@streq gdlr_lms_cancel_booking" \
"chain,t:none"
SecRule ARGS:id "!@rx \w" \
"t:none,t:htmlEntityDecode"
SecRule REQUEST_FILENAME "@endsWith wp-admin/post.php" \
"id:234980,chain,msg:'COMODO WAF: Directory traversal vulnerability in the Simple Board Job plugin 2.9.3 for WordPress (CVE-2020-35749)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,t:none,t:normalizePath,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:post "@streq application_id" \
"chain,t:none"
SecRule ARGS:action "@streq edit" \
"chain,t:none"
SecRule ARGS:sjb_file "@contains ../" \
"t:none,t:htmlEntityDecode"
SecRule REQUEST_FILENAME "@contains /wp-content/plugins/super-forms/uploads/php/" \
"id:234990,chain,msg:'COMODO WAF: Arbitrary File Upload in SuperForms 4.9 plugin for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,deny,t:none,t:normalizePath,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule FILES "@rx \.php?\d" \
"t:none,t:urlDecode"
SecRule REQUEST_FILENAME "@endsWith wp-admin/admin.php" \
"id:235000,chain,msg:'COMODO WAF: XSS in PageLayer plugin before 1.1.2 for WordPress (CVE-2020-35944)||%{tx.domain}|%{tx.mode}|2',phase:2,block,log,t:none,t:normalizePath,rev:1,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule ARGS:page "@streq pagelayer" \
"chain,t:none"
SecRule ARGS:pagelayer-address "@rx <script" \
"t:none,t:htmlEntityDecode"
SecRule REQUEST_METHOD "@rx POST" \
"id:235020,chain,msg:'COMODO WAF: Privilege Escalation in TheCartPress 1.5.3.6 plugin for WordPress||%{tx.domain}|%{tx.mode}|2',phase:2,block,rev:2,severity:2,tag:'CWAF',tag:'WPPlugin'"
SecRule REQUEST_URI "@contains /wp-admin/admin-ajax.php" \
"chain,t:none,t:normalizePath"
SecRule ARGS:action "@streq tcp_register_and_login_ajax" \
"chain,t:none"
SecRule ARGS:tcp_role "@streq administrator" \
"t:none"