Rule Update
25-023 (June 3, 2025)
Publish date: June 03, 2025
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Ivanti Avalanche
1012298* - Ivanti Avalanche Authentication Bypass Vulnerability (CVE-2024-13181)
Ivanti Endpoint Manager
1012207* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-50330)
Microsoft Configuration Manager
1012289* - Microsoft Configuration Manager SQL Injection Vulnerability (CVE-2024-43468)
MyQ Print Server
1012268* - MyQ Print Server Remote Code Execution Vulnerability (CVE-2024-28059)
Solr Service
1012291* - Apache Solr Directory Traversal Vulnerability (CVE-2024-52012)
Web Application Common
1011718* - ThinkPHP SQL Injection Vulnerability (CVE-2021-44350)
Web Application PHP Based
1011689* - LibreNMS Cross-Site Scripting Vulnerability (CVE-2022-4069)
1011644* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2022-4067)
1012260* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2024-50352)
1011736* - OpenCATS Cross-Site Scripting Vulnerability (CVE-2023-27293)
1011772* - Pimcore SQL Injection Vulnerability (CVE-2023-1578)
1011613* - WordPress 'Absolutely Glamorous Custom Admin' Plugin Cross-Site Scripting Vulnerability (CVE-2021-36823)
1011641* - WordPress 'Availability Calendar' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24604)
1011537* - WordPress 'BackupBuddy' Plugin Directory Traversal Vulnerability (CVE-2022-31474)
1011611* - WordPress 'Display Users' Plugin SQL Injection Vulnerability (CVE-2021-24400)
1011629* - WordPress 'Donate With QRCode' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24618)
1011754* - WordPress 'Duplicator' Plugin Information Disclosure Vulnerability (CVE-2022-2551)
1011604* - WordPress 'Elementor Website Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2020-8426)
1011605* - WordPress 'EventON Calendar' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2020-29395)
1011601* - WordPress 'GSEOR' Plugin SQL Injection Vulnerability (CVE-2021-24396)
1011617* - WordPress 'IgniteUp' Plugin Unauthenticated Arbitrary File Deletion Vulnerability (CVE-2019-17234)
1011574* - WordPress 'Ketchup Restaurant Reservations' Plugin Cross-Site Scripting Vulnerability (CVE-2022-2753)
1011561* - WordPress 'Ketchup Restaurant Reservations' Plugin SQL Injection Vulnerability (CVE-2022-2754)
1011643* - WordPress 'Limit Login Attempts' Plugin Cross-Site Scripting Vulnerability (CVE-2020-35589)
1011634* - WordPress 'Limit Login Attempts' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24657)
1011579* - WordPress 'Litespeed' Plugin Cross-Site Scripting Vulnerability (CVE-2020-29172)
1011747* - WordPress 'Metform Elementor Contact Form Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2023-0084)
1011602* - WordPress 'MicroCopy' Plugin SQL Injection Vulnerability (CVE-2021-24397)
1011599* - WordPress 'Nevma Adaptive Images' Plugin Directory Traversal Vulnerability (CVE-2019-14205)
1011603* - WordPress 'OMGF' Plugin Directory Traversal Vulnerability (CVE-2021-24638)
1011615* - WordPress 'Page Contact' Plugin SQL Injection Vulnerability (CVE-2021-24403)
1011714* - WordPress 'Paid Memberships Pro' Plugin Cross-Site Scripting Vulnerability (CVE-2022-4830)
1011695* - WordPress 'Paid Memberships Pro' Plugin SQL Injection Vulnerability (CVE-2023-23488)
1011609* - WordPress 'Product Feed on WooCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24511)
1011606* - WordPress 'Recipe Card Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24632)
1011638* - WordPress 'Responsive 3D Slider' Plugin SQL Injection Vulnerability (CVE-2021-24398)
1011528* - WordPress 'Simple File List' Plugin Directory Traversal Vulnerability (CVE-2022-1119)
1011637* - WordPress 'Simple School Staff Directory' Plugin Arbitrary File Upload Vulnerability (CVE-2021-24663)
1011621* - WordPress 'Snap Creek Duplicator' Plugin Directory Traversal Vulnerability (CVE-2020-11738)
1011632* - WordPress 'Splash Header' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24587)
1011618* - WordPress 'Support Board' Plugin SQL Injection Vulnerability (CVE-2021-24741)
1011612* - WordPress 'The Sorter' Plugin SQL Injection Vulnerability (CVE-2021-24399)
1011636* - WordPress 'ThinkTwit' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24582)
1009644* - WordPress 'W3 Total Cache' Plugin Arbitrary File Read Vulnerability (CVE-2019-6715)
1011622* - WordPress 'WP Dialog' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24600)
1012368 - WordPress 'WP Hotel Booking' Plugin SQL Injection Vulnerability (CVE-2023-5652)
1011620* - WordPress Directory Traversal Vulnerability (CVE-2019-8943)
Web Application Tomcat
1012369 - vBulletin Remote Code Execution Vulnerability (CVE-2025-48828)
Web Server Common
1011690* - dotCMS Directory Traversal Vulnerability (CVE-2022-45783)
Web Server HTTPS
1012371 - Trend Micro Apex Central Local File Inclusion Vulnerability (CVE-2025-47865)
1012372 - Trend Micro Apex Central Local File Inclusion Vulnerability (CVE-2025-47867)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Ivanti Avalanche
1012298* - Ivanti Avalanche Authentication Bypass Vulnerability (CVE-2024-13181)
Ivanti Endpoint Manager
1012207* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-50330)
Microsoft Configuration Manager
1012289* - Microsoft Configuration Manager SQL Injection Vulnerability (CVE-2024-43468)
MyQ Print Server
1012268* - MyQ Print Server Remote Code Execution Vulnerability (CVE-2024-28059)
Solr Service
1012291* - Apache Solr Directory Traversal Vulnerability (CVE-2024-52012)
Web Application Common
1011718* - ThinkPHP SQL Injection Vulnerability (CVE-2021-44350)
Web Application PHP Based
1011689* - LibreNMS Cross-Site Scripting Vulnerability (CVE-2022-4069)
1011644* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2022-4067)
1012260* - LibreNMS Stored Cross-Site Scripting Vulnerability (CVE-2024-50352)
1011736* - OpenCATS Cross-Site Scripting Vulnerability (CVE-2023-27293)
1011772* - Pimcore SQL Injection Vulnerability (CVE-2023-1578)
1011613* - WordPress 'Absolutely Glamorous Custom Admin' Plugin Cross-Site Scripting Vulnerability (CVE-2021-36823)
1011641* - WordPress 'Availability Calendar' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24604)
1011537* - WordPress 'BackupBuddy' Plugin Directory Traversal Vulnerability (CVE-2022-31474)
1011611* - WordPress 'Display Users' Plugin SQL Injection Vulnerability (CVE-2021-24400)
1011629* - WordPress 'Donate With QRCode' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24618)
1011754* - WordPress 'Duplicator' Plugin Information Disclosure Vulnerability (CVE-2022-2551)
1011604* - WordPress 'Elementor Website Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2020-8426)
1011605* - WordPress 'EventON Calendar' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2020-29395)
1011601* - WordPress 'GSEOR' Plugin SQL Injection Vulnerability (CVE-2021-24396)
1011617* - WordPress 'IgniteUp' Plugin Unauthenticated Arbitrary File Deletion Vulnerability (CVE-2019-17234)
1011574* - WordPress 'Ketchup Restaurant Reservations' Plugin Cross-Site Scripting Vulnerability (CVE-2022-2753)
1011561* - WordPress 'Ketchup Restaurant Reservations' Plugin SQL Injection Vulnerability (CVE-2022-2754)
1011643* - WordPress 'Limit Login Attempts' Plugin Cross-Site Scripting Vulnerability (CVE-2020-35589)
1011634* - WordPress 'Limit Login Attempts' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24657)
1011579* - WordPress 'Litespeed' Plugin Cross-Site Scripting Vulnerability (CVE-2020-29172)
1011747* - WordPress 'Metform Elementor Contact Form Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2023-0084)
1011602* - WordPress 'MicroCopy' Plugin SQL Injection Vulnerability (CVE-2021-24397)
1011599* - WordPress 'Nevma Adaptive Images' Plugin Directory Traversal Vulnerability (CVE-2019-14205)
1011603* - WordPress 'OMGF' Plugin Directory Traversal Vulnerability (CVE-2021-24638)
1011615* - WordPress 'Page Contact' Plugin SQL Injection Vulnerability (CVE-2021-24403)
1011714* - WordPress 'Paid Memberships Pro' Plugin Cross-Site Scripting Vulnerability (CVE-2022-4830)
1011695* - WordPress 'Paid Memberships Pro' Plugin SQL Injection Vulnerability (CVE-2023-23488)
1011609* - WordPress 'Product Feed on WooCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24511)
1011606* - WordPress 'Recipe Card Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24632)
1011638* - WordPress 'Responsive 3D Slider' Plugin SQL Injection Vulnerability (CVE-2021-24398)
1011528* - WordPress 'Simple File List' Plugin Directory Traversal Vulnerability (CVE-2022-1119)
1011637* - WordPress 'Simple School Staff Directory' Plugin Arbitrary File Upload Vulnerability (CVE-2021-24663)
1011621* - WordPress 'Snap Creek Duplicator' Plugin Directory Traversal Vulnerability (CVE-2020-11738)
1011632* - WordPress 'Splash Header' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24587)
1011618* - WordPress 'Support Board' Plugin SQL Injection Vulnerability (CVE-2021-24741)
1011612* - WordPress 'The Sorter' Plugin SQL Injection Vulnerability (CVE-2021-24399)
1011636* - WordPress 'ThinkTwit' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24582)
1009644* - WordPress 'W3 Total Cache' Plugin Arbitrary File Read Vulnerability (CVE-2019-6715)
1011622* - WordPress 'WP Dialog' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24600)
1012368 - WordPress 'WP Hotel Booking' Plugin SQL Injection Vulnerability (CVE-2023-5652)
1011620* - WordPress Directory Traversal Vulnerability (CVE-2019-8943)
Web Application Tomcat
1012369 - vBulletin Remote Code Execution Vulnerability (CVE-2025-48828)
Web Server Common
1011690* - dotCMS Directory Traversal Vulnerability (CVE-2022-45783)
Web Server HTTPS
1012371 - Trend Micro Apex Central Local File Inclusion Vulnerability (CVE-2025-47865)
1012372 - Trend Micro Apex Central Local File Inclusion Vulnerability (CVE-2025-47867)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Featured Stories
- Unveiling AI Agent Vulnerabilities Part V: Securing LLM ServicesTo conclude our series on agentic AI, this article examines emerging vulnerabilities that threaten AI agents, focusing on providing proactive security recommendations on areas such as code execution, data exfiltration, and database access.Read more
- Unveiling AI Agent Vulnerabilities Part IV: Database Access VulnerabilitiesHow can attackers exploit weaknesses in database-enabled AI agents? This research explores how SQL generation vulnerabilities, stored prompt injection, and vector store poisoning can be weaponized by attackers for fraudulent activities.Read more
- The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
- Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more