This resource is for customers who are currently using Trend Micro Managed Rule Groups for AWS WAF from the AWS Marketplace. To keep our customers up to date, we will continue to update this page as new updates are made to any of the Managed Rule Groups. This page will only show changes that have been made to the rule groups, for more information on these products please see the product information and FAQ pages.

Tuesday, October 9th, 2019

Trend Micro Managed Rules for AWS WAF – CMS
  • Joomla! Solidres SQL Injection Vulnerability (CVE-2018-5980)
  • Joomla Extension jDownloads Cross Site Scripting Vulnerability (CVE-2018-10068)
  • WordPress Live Chat Support Cross Stie Scripting Vulnerability (CVE-2019-9913)
  • WordPress GoogleMaps Reflected Cross Site Scripting Vulnerability (CVE-2019-9912)
  • WordPress NextScripts Plugin Cross Site Scripting Vulnerability (CVE-2019-9911)
  • WordPress YOP Poll Plugin Cross Site Scripting Vulnerability (CVE-2019-9914)
  • WordPress Plugin Pie Register Blind SQL Injection Vulnerability (CVE-2018-10969)

Tuesday, September 24th, 2019

Trend Micro Managed Rules for AWS WAF – CMS
  • WordPress Plugin Duplicator Cross-Site Scripting Vulnerability (CVE-2018-7543) – 1
  • Joomla Component Guru Pro ‘promocode’ SQL Injection Vulnerability
  • WordPress Ninja Forms Plugin Arbitrary File Upload Vulnerability (CVE-2019-10869)
  • Joomla Component My Projects SQL Injection Vulnerability
  • Joomla Component JEXTN FAQ Pro SQL Injection Vulnerability (CVE-2017-17875)
  • Joomla Component JB Visa ‘visatype’ SQL Injection Vulnerability
  • jQuery Upload File Arbitrary File Upload Vulnerability (CVE-2018-9207)
  • Joomla JGive SQL Injection Vulnerability (CVE-2018-5970) – 2

Tuesday, September 10th, 2019

Trend Micro Managed Rules for AWS WAF – CMS
  • Joomla JquickContact SQL Injection Vulnerability (CVE-2018-5983)
  • Joomla JquickContact SQL Injection Vulnerability CVE-2018-5983) – 1
  • Joomla SimpleCalendar SQL Injection Vulnerability (CVE-2018-5974) – 1
  • Joomla Component Guru Pro ‘promocode’ SQL Injection Vulnerability
  • Joomla Component Guru Pro ‘promocode’ SQL Injection Vulnerability – 2
  • Joomla JGive SQL Injection Vulnerability (CVE-2018-5970)
  • Joomla JGive SQL Injection Vulnerability (CVE-2018-5970) – 1
  • Joomla JGive SQL Injection Vulnerability (CVE-2018-5970) – 3
  • Joomla! Extension Full Social ‘search_query’ SQL Injection Vulnerability

Tuesday, August 27th, 2019

Trend Micro Managed Rules for AWS WAF – CMS
  • WordPress Plugin Loginizer Unauthenticated Stored Cross-Site Scripting Vulnerability (CVE-2018-11366)
  • Joomla Realpin SQL Injection Vulnerability (CVE-2018-6005)
  • Joomla Realpin SQL Injection Vulnerability (CVE-2018-6005) – 1
  • Joomla Project Log SQL Injection Vulnerability (CVE-2018-6024)
  • Joomla! Component vReview SQL Injection Vulnerability
  • WordPress Statistics Unauthenticated Blind SQL Injection Vulnerability – 2
  • Joomla! extension EkRishta SQL Injection Vulnerability
  • Joomla! extension EkRishta SQL Injection Vulnerability-1
  • WordPress Statistics Unauthenticated Blind SQL Injection Vulnerability
  • Joomla! extension EkRishta SQL Injection Vulnerability – 2

Thursday, August 8th, 2019

Trend Micro Managed Rules for AWS WAF – CMS
  • WordPress Plugin Duplicator Cross-Site Scripting Vulnerability (CVE-2018-7543)
  • WordPress Form Maker Plugin SQL Injection Vulnerability (CVE-2019-10866) – 1
  • WordPress Form Maker Plugin SQL Injection Vulnerability (CVE-2019-10866)
  • Drupal Core Critical Arbitrary PHP Code Execution Vulnerability (CVE-2019-6339)
  • WordPress AMP Plugin Cross Site Scripting Vulnerability (CVE-2018-20838)
Trend Micro Managed Rules for AWS WAF – WebServer
  • Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2019-2725)

Thursday, July 25th, 2019

Trend Micro Managed Rules for AWS WAF – CMS
  • Joomla! Pinterest Clone Social Pinboard SQL Injection Vulnerability (CVE-2018-5987)
  • Joomla! Saxum Astro SQL Injection Vulnerability (CVE-2018-7180)
  • Joomla! Saxum Numerology SQL Injection Vulnerability (CVE-2018-7177)
  • Joomla! Saxum Numerology SQL Injection Vulnerability (CVE-2018-7177) – 2
  • Joomla! SquadManagement SQL Injection Vulnerability (CVE-2018-7179)
  • Joomla JS Jobs SQL Injection Vulnerability (CVE-2018-5994)
  • Joomla JS Jobs SQL Injection Vulnerability (CVE-2018-5994) – 1
  • Joomla JS Jobs SQL Injection Vulnerability (CVE-2018-5994) – 2
  • Joomla JS Jobs SQL Injection Vulnerability (CVE-2018-5994) – 3

Thursday, June 20th, 2019

Trend Micro Managed Rules for AWS WAF – CMS
  • Joomla com_niceajaxpoll Sql injection Vulnerability
  • Joomla MediaLibrary Free SQL Injection Vulnerability (CVE-2018-5971)
  • Joomla MediaLibrary Free SQL Injection Vulnerability (CVE-2018-5971) – 3
  • Joomla MediaLibrary Free SQL Injection Vulnerability (CVE-2018-5971) – 4

Thursday, May 30th, 2019

Trend Micro Managed Rules for AWS WAF – CMS
  • Joomla EXP Auto SQL Injection Vulnerability
  • Joomla JTicketing SQL Injection (CVE-2018-6585)
  • Joomla JTicketing SQL Injection (CVE-2018-6585) – 1
  • Joomla JS Autoz SQL Injection (CVE-2018-6006)
  • Joomla JS Autoz SQL Injection (CVE-2018-6006) – 1

Thursday, May 16th, 2019

Trend Micro Managed Rules for AWS WAF – CMS
  • WordPress Google Map Plugin SQL Injection Vulnerability
  • WordPress Google Map Plugin SQL Injection Vulnerability – 2
  • WordPress Ultimate Form Builder Lite Plugin SQL Injection Vulnerability
  • WordPress Ultimate Form Builder Lite Plugin SQL Injection Vulnerability – 2
  • WordPress Plainview Activity Monitor Plugin Remote Code Execution Vulnerability (CVE-2018-15877)
  • WordPress Duplicator Remote Code Execution Vulnerability

Thursday February 28th, 2019

Trend Micro Managed Rules for AWS WAF – CMS
  • Joomla! J-ClassifiedsManager SQL Injection Vulnerability
  • Joomla! J-MultipleHotelReservation SQL Injection Vulnerability
  • WordPress ‘pitajte-strucnjaka’ Plugins Backdoor Access Vulnerability

Thursday November 29th, 2018

Trend Micro Managed Rules for AWS WAF – CMS
  • WordPress Plugin iThemes Security SQLi Vulnerability (CVE-2018-12636)
  • WordPress Plugin iThemes Security SQLi Vulnerability (CVE-2018-12636) – 2
  • WordPress All-In-One Favicon Multiple Stored Authenticated XSS Vulnerability (CVE-2018-13832)
  • WordPress File Away Plugin File Disclosure Vulnerability
  • WordPress File Away Plugin File Disclosure Vulnerability – 2

Friday November 16th, 2018

Trend Micro Managed Rules for AWS WAF – CMS
  • Joomla Component Ekrishta SQL Injection Vulnerability (CVE-2018-12254)
  • Joomla Component Visual Calendar ‘id’ SQL Injection Vulnerability (CVE-2018-6395)
  • phpMyAdmin Local File Inclusion Vulnerability (CVE-2018-12613)
  • WordPress Authenticated Arbitrary File Deletion Vulnerability (CVE-2018-12895)
  • WordPress Gwolle Guestbook Plugin Cross Site Scripting Vulnerability
  • WordPress Plugin Events Calendar SQL Injection Vulnerability
  • WordPress Snazzy Maps Cross Site Scripting Vulnerability
  • WordPress Plugin Job Manager Cross-Site Scripting
  • WordPress Plugin Job Manager Cross-Site Scripting – 2
  • WordPress Plugin Job Manager Cross-Site Scripting – 3

Thursday August 30th, 2018

Trend Micro Managed Rules for AWS WAF – CMS
  • Joomla! Staff Master SQL Injection Vulnerability (CVE-2018-5992)
  • Joomla! Timetable Responsive Schedule SQL Injection Vulnerability (CVE-2018-6583)
  • Joomla! ccNewsletter SQL Injection Vulnerability (CVE-2018-5989)
  • Joomla! Saxum Picker SQL Injection Vulnerability (CVE-2018-7178)
  • Joomla! Smart Shoutbox SQL Injection Vulnerability (CVE-2018-5975)

Thursday May 10th, 2018

Trend Micro Managed Rules for AWS WAF – CMS
    • Drupal Core Remote Code Execution Vulnerability (CVE-2018-7600)
    • Drupal Core Remote Code Execution Vulnerability (CVE-2018-7600) – 1
  • Drupal Core Remote Code Execution Vulnerability (CVE-2018-7600) – 2

Thursday May 3rd, 2018

Trend Micro Managed Rules for AWS WAF – CMS
    • Joomla Component CheckList SQL Injection Vulnerability (CVE-2018-7318)
    • Joomla Component CheckList SQL Injection Vulnerability (CVE-2018-7318) – 1
    • Joomla Component Ek Rishta SQL Injection Vulnerability (CVE-2018-7315)
    • Joomla Component Ek Rishta SQL Injection Vulnerability (CVE-2018-7315) – 1
    • Joomla Component Alexandria Book Library ‘letter’ SQL Injection Vulnerability (CVE-2018-7312)
    • Joomla Component Alexandria Book Library ‘letter’ SQL Injection Vulnerability (CVE-2018-7312) – 1
    • Joomla com_scatalog SQL Injection Vulnerability
    • Joomla com_subcategory SQL Injection Vulnerability
    • Joomla NeoRecruit SQL Injection (CVE-2018-6370)
  • Joomla SimpleCalendar SQL Injection Vulnerability (CVE-2018-5974)

Friday April 13th, 2018

Trend Micro Managed Rules for AWS WAF – CMS
  • Joomla Component Form Maker SQL Injection Vulnerability (CVE-2018-5991)
  • Joomla Component Form Maker SQL Injection Vulnerability (CVE-2018-5991) – 1
  • Joomla Component OS Property Real Estate SQL Injection Vulnerability (CVE-2018-7319)
  • Joomla Component CP Event Calendar ‘id’ SQL Injection Vulnerability (CVE-2018-6398)
  • Joomla com_jomestate Sql injection Vulnerability
  • Joomla com_pricelist SQL Injection Vulnerability
  • WordPress Plugin Duplicator Cross-Site Scripting Vulnerability (CVE-2018-7543) – 1

Thursday March 22nd, 2018

Trend Micro Managed Rules for AWS WAF – CMS
    • WordPress Plugin Events Calendar event_id SQL Injection Vulnerability (CVE-2018-5315)
    • WordPress Smooth Slider Plugin SQL injection Vulnerability
    • WordPress Testimonial Slider Plugin SQL injection Vulnerability
    • WordPress Testimonial Slider Plugin SQL injection Vulnerability – 1
    • Joomla ‘com_adagency’ Plugin SQL Injection Vulnerability (CVE-2018-5696)
    • Joomla JB Bus SQL Injection Vulnerability (CVE-2018-6372)
    • Joomla InviteX SQL Injection Vulnerability (CVE-2018-6394)
    • Joomla Google Map Landkarten SQL Injection (CVE-2018-6396)
    • Joomla Google Map Landkarten SQL Injection (CVE-2018-6396) – 1
  • Joomla Gallery WD SQL Injection Vulnerability (CVE-2018-5981)

Thursday February 15th, 2018

Trend Micro Managed Rules for AWS WAF – CMS
  • Joomla Component JEXTN Classified ‘sid’ SQL Injection Vulnerability (CVE-2018-6575)
  • Joomla Component JEXTN Classified ‘sid’ SQL Injection Vulnerability (CVE-2018-6575) – 1
  • Joomla Component JEXTN Reverse Auction SQL Injection Vulnerability (CVE-2018-6579)
  • Joomla Component JEXTN Reverse Auction SQL Injection Vulnerability (CVE-2018-6579) – 1
  • Joomla Component Jimtawl Arbitrary File Upload Vulnerability (CVE-2018-6580)
  • Joomla Component JMS Music SQL Injection Vulnerability (CVE-2018-6581)

Thursday January 18th, 2018

Trend Micro Managed Rules for AWS WAF – CMS
  • WordPress Smart Google Code Inserter Plugin SQL Injection Vulnerability (CVE-2018-3811)
  • Joomla JEXTN Question And Answer SQL Injection Vulnerability (CVE-2017-17871)
  • Joomla Component User Bench ‘userid’ SQL Injection Vulnerability
  • Joomla Component Guru Pro ‘promocode’ SQL Injection Vulnerability
  • ImageMagick Use-After-Free Vulnerability (CVE-2017-17504)
Trend Micro Managed Rules for AWS WAF – WebServer (Apache, Nginx)
  • Apache Struts2 Jackson JSON Library Deserializer Remote Code Execution Vulnerability (CVE-2017-7525)