New WAF Objects: [total: 7]
==================================

Signature:
  ID: '708351'
  Name: 'CVE-2021-21809: Spellchecker Moodle command execution'
  Pattern: part="lib/editor/tinymce/plugins/spellchecker/rpc.php", rgxp="method=checkWords"
  Attack: Remote Command Execution - Blocking
  Attack Class: Remote Command Execution
  Dictionary: Recommended for Blocking for Web Applications
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - url-and-parameters

Signature:
  ID: '708352'
  Name: 'CVE-2021-21809: Spellchecker Moodle command execution v2'
  Pattern: part="admin/settings.php", part="section=systempaths", part="s__aspellpath"
  Attack: Remote Command Execution - Blocking
  Attack Class: Remote Command Execution
  Dictionary: Recommended for Blocking for Web Applications
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - url-and-parameters

Policy:
  name: 'CVE-2025-34026: Versa Concerto Actuator Endpoint - Authentication Bypass'
  id: '20000302'
  minimum version: '10.0'
  predicates:
    - type: HTTP Request
      operation: Match All
      match values:
        - part: url
          operation: includes
          value: /portalapi/actuator
        - part: header
          name: Connection
          operation: MatchRegExp
          value: X-Real-IP$

Signature:
  Name: "CVE-2025-34027 : Versa Concerto API Path Based - Authentication Bypass"
  ID: "708350"
  Pattern: 'part="/portalapi/v1/roles/option", rgxp="\/portalapi\/v1\/roles\/option;[\s\S]{1,5}"'
  Attack: "Authentication Bypass - Blocking"
  Attack Class: "Authentication Bypass"
  Dictionary: "Recommended for Blocking for Web Applications"
  Policy: "Recommended Signatures Policy for Web Applications"
  Search In:
    - "url-and-parameters"

Signature:
  ID: '708349'
  Name: 'CVE-2025-4322: Motors WP Plugin - Unauthenticated Privilege Escalation via Password Update/Account Takeover'
  Pattern: part="hash_check", part="stm_new_password", rgxp="(?:\/login|user|password|\/auth|\/sign|\/register|account)"
  Attack: Authentication Bypass - Blocking
  Attack Class: Authentication Bypass
  Dictionary: Recommended for Blocking for Web Applications
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - url-and-parameters

Signature:
  ID: '708348'
  Name: 'CVE-2025-4428: Ivanti EPMM Unauth RCE Chain v2'
  Pattern: part="/api/v2/featureusage", part="format", rgxp="(?i)format=(?!json\b|xml\b|csv\b|xlsx\b)"
  Attack: Remote Command Execution - Blocking
  Attack Class: Remote Command Execution
  Dictionary: Recommended for Blocking for Web Applications
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
    - url-and-parameters

Policy:
  name: 'CVE-2025-27007: WordPressOttoKit plugin - Authentication Bypass'
  id: '20000301'
  minimum version: '10.0'
  predicates:
    - type: HTTP Request
      operation: Match All
      match values:
        - part: url
          operation: includes
          value: /wp-json/sure-triggers/v1/automation/action
        - part: parameter
          name: type_event
          operation: includes
          value: create_user_if_not_exists
        - part: header
          name: St-Authorization
          operation: MatchRegExp
          value: ^$
    - type: HTTP Request Method
      operation: At Least One
      values:
        - POST