0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'change_klarna_addon_status', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[239] = wfWAFRule::create($this, 239, NULL, 'auth-bypass', '100', 'Timetable and Event Schedule by MotoPress <= 2.3.8 XSS and Unsafe Extraction', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'route_url', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'mptt_action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'mptt_action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[243] = wfWAFRule::create($this, 243, NULL, 'xss', '100', 'Page Builder: Pagelayer – Drag and Drop website builder <= 1.1.1 - Missing Authorization to Cross-Site Scripting', 1, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'pagelayer_save_content', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'pagelayer_do_shortcodes', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'pagelayer_get_taxonomy_list', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'pagelayer_apply_revision', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'pagelayer_post_nav', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'pagelayer_get_revision', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'pagelayer_post_info', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'pagelayer_posts_data', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'pagelayer_products_ajax', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'pagelayer_product_archives', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'pagelayer_create_post_autosave', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'pagelayer_get_pages_list', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'author', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'contributor', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'editor', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[244] = wfWAFRule::create($this, 244, NULL, 'file_upload', '100', 'Elementor Pro <= 2.9.3 - Authenticated (Subscriber+) Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'elementor_ajax', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.files', 'zip_upload'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[247] = wfWAFRule::create($this, 247, NULL, 'xss', '100', 'WP Product Review Lite <= 3.7.5 - Unauthenticated Stored Cross Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+wp-product-review[\\/]+update-review/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/wp-product-review[\\/]+update-review/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'editor', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[248] = wfWAFRule::create($this, 248, NULL, 'bypass', '100', 'Photo Gallery by 10Web <= 1.5.54 - SQL Injection via bwg_search_x Parameter', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#bwg_frontend_data#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#[\\r\\n\\t<>]#', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.queryString', array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#[\\r\\n\\t<>]|\\%[\\da-f]{2}#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'bwg_search_0'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'bwg_search_0'), array ( )))))); $this->rules[250] = wfWAFRule::create($this, 250, NULL, 'priv-esc', '100', 'bbPress <= 2.6.4 - Unauthenticated Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'bbpress', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'option_page'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'option_page'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', '_bbp_allow_super_mods'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', '_bbp_allow_super_mods'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[251] = wfWAFRule::create($this, 251, NULL, 'spam', '100', 'Contact Builder by Themify <= 1.4.5 - Email Injection', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'builder_contact_send', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'contains', '%3C', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'contact-message'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'contact-message'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'contains', '<', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'contact-message'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'contact-message'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'contains', '%3c', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'contact-message'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'contact-message'), array ( ))))))); $this->rules[254] = wfWAFRule::create($this, 254, NULL, 'bypass', '100', 'JetBackup – WP Backup, Migrate & Restore <= 1.4.0 - Sensitive Information Disclosure', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'backup_guard_modalManualBackup', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[255] = wfWAFRule::create($this, 255, NULL, 'auth-bypass', '100', 'Brizy < 1.0.126 - Authorization Bypass to Settings Updates', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/brizy(\\-|_)(?!(timestamp|submit_form|heartbeat))/', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'author', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'editor', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[257] = wfWAFRule::create($this, 257, NULL, 'xss', '100', 'TC Custom JavaScript <= 1.2.1 - Unauthenticated Stored Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'tccj-content'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'tccj-update'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[260] = wfWAFRule::create($this, 260, NULL, 'file_upload', '100', 'Adning Advertising <= 1.5.5 - Arbitrary File Upload and Arbitrary File Deletion', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', '_ning_upload_image', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', '_ning_remove_image', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[264] = wfWAFRule::create($this, 264, NULL, 'xss', '100', 'Newsletter <= 6.8.1 - Reflected Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'tnpc_render', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', new wfWAFRuleVariable($this, 'xssRegex', NULL), array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'encoded_options'), array ( 0 => array ( 0 => 'base64decode', ), )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#(\\\\u003c|\\\\u003e)#i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'encoded_options'), array ( 0 => array ( 0 => 'base64decode', ), ))))))); $this->rules[266] = wfWAFRule::create($this, 266, NULL, 'xss', '100', 'WPBakery Page Builder <= 6.2.0 Contributor+ Stored XSS FE Save Post', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'vc_save', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', new wfWAFRuleVariable($this, 'xssRegex', NULL), array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'content'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'content'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/vc_raw_html|vc_raw_js|custom_onclick_code/', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'content'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'content'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'editor', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[270] = wfWAFRule::create($this, 270, NULL, 'xss', '100', 'WPBakery Page Builder <= 6.2.0 Contributor+ Stored XSS FE Save Template', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'vc_save_template', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/vc_raw_html|vc_raw_js|custom_onclick_code/', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'template'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'template'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'editor', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[271] = wfWAFRule::create($this, 271, NULL, 'file_upload', '100', 'Quiz and Survey Master <= 7.0.1 - Arbitrary File Deletion and Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/^\\/(?:\\.\\/)*(?:var|home|usr|mnt|media|etc|tmp|dev|proc)\\/|(^|\\/|\\\\)\\.\\.(\\\\|\\/)/i', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.queryString', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'qsm_remove_file_fd_question', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\.(p(h(p|tml)[0-9]?|l|y)|(j|a)sp|aspx|sh|shtml|html?|cgi|htaccess|user\\.ini)($|\\.)/i', array(wfWAFRuleComparisonSubject::create($this, 'request.fileNames', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'qsm_upload_image_fd_question', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( ))))))); $this->rules[273] = wfWAFRule::create($this, 273, NULL, 'bypass', '100', 'Backup, Restore and Migrate WordPress Sites With the XCloner Plugin 4.2.1 - 4.2.12 - Unprotected AJAX Actions', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'restore_backup', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'write_file', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'xcloner_action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'xcloner_action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'restore_mysql_backup', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'xcloner_action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'xcloner_action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'list_backup_files', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'xcloner_action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'xcloner_action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'restore_finish', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'xcloner_action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'xcloner_action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'list_mysqldump_backups', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'xcloner_action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'xcloner_action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'list_backup_archives', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'xcloner_action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'xcloner_action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'restore_backup_to_path', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'xcloner_action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'get_current_directory', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'xcloner_action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'xcloner_action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[274] = wfWAFRule::create($this, 274, NULL, 'xss', '100', 'Discount Rules for WooCommerce < 2.1.0 - Missing Authorization', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#^(?:nopriv_)?wdr_ajax#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'get_price_html', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'method'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'get_variable_product_bulk_table', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'method'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[275] = wfWAFRule::create($this, 275, NULL, 'xss', '100', 'Discount Rules for WooCommerce <= 2.1.1 - Missing Authorization', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'awdr_switch_plugin_to'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'forceValidateLicenseKey', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'savePriceRule', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'saveCartRule', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'saveConfig', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'resetWDRCache', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'loadProductSelectBox', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'loadCoupons', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'UpdateStatus', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'RemoveRule', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'doBulkAction', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'createDuplicateRule', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[276] = wfWAFRule::create($this, 276, NULL, 'bypass', '100', 'Kali Forms <= 2.1.1 - Missing Authorization to Settings Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'kaliforms_update_option_ajax', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'kaliforms_clear_log', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'kaliforms_form_delete_uploaded_file', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_kaliforms_form_delete_uploaded_file', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[278] = wfWAFRule::create($this, 278, NULL, 'rce', '100', 'File Manager <= 6.8 - Arbitrary File Upload/Remote Code Execution', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/php/connector.minimal.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))))); $this->rules[279] = wfWAFRule::create($this, 279, NULL, 'auth-bypass', '100', 'NextScripts: Social Networks Auto-Poster <= 4.3.17 - Missing Authorization', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'nxs_snap_aj', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[283] = wfWAFRule::create($this, 283, NULL, 'auth-bypass', '100', 'Forminator < 1.13.5 - Unauthenticated Sensitive Data Export', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'forminator_export_entries', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[284] = wfWAFRule::create($this, 284, NULL, 'priv-esc', '100', 'Thrive Themes Plugins <= 1.3.4 Unprotected AJAX', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'tve_dash_backend_ajax', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[285] = wfWAFRule::create($this, 285, NULL, 'rce', '100', 'Epsilon Framework Themes (Various Versions) - Function Injection', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#(?:nopriv_)?epsilon_framework_ajax_action#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#(?:nopriv_)?welcome_screen_ajax_callback#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#(?:nopriv_)?epsilon_dashboard_ajax_callback#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[287] = wfWAFRule::create($this, 287, NULL, 'priv-esc', '100', 'NEX-Forms <= 7.7.1 - Missing Authorization on Various AJAX Actions', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'get_table_records', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nf_insert_record', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nf_update_record', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nf_delete_record', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nf_duplicate_record', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nf_delete_file', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nf_populate_form_entry_dashboard', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'do_form_entry_save', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nf_send_test_email', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'save_other_config', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'save_email_config', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'save_script_config', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'save_gr_key', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'save_mc_key', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'do_form_import', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'deactivate_license', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'save_style_config', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'save_field_pref', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'save_validation_pref', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'save_email_pref', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'save_other_pref', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'do_upload_image', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'save_email_config', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'save_script_config', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'preview_nex_form', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nf_print_chart', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nf_print_to_pdf', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nf_print_report_to_pdf', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_nf_print_report_to_pdf', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_ nf_print_to_pdf', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nf_get_email_setup', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nf_get_pdf_setup', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nf_get_options_setup', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nf_create_custom_layout', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nf_delete_custom_layout', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'update_paypal', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nf_get_forms', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nf_load_form_entries', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'submission_report', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nf_hidden_fields', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[291] = wfWAFRule::create($this, 291, NULL, 'priv-esc', '100', 'Ultimate Member <= 2.1.11 - Unauthenticated Privilege Escalation via User Meta', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'form_id'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'form_id'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'role'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notMatch', '#^um_#i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'role'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wp_capabilities'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wp_capabilities'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wp_user_level'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[294] = wfWAFRule::create($this, 294, NULL, 'obji', '100', 'WordPress Core < 5.5.3 - PHP Object Injection Gadget', 1, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'matchCount', '/(^|;|{|})C:+?\\+*[0-9]+:"\\\\?Requests_Utility_FilteredIterator"/i', array(wfWAFRuleComparisonSubject::create($this, 'request.headers', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.cookies', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.queryString', array ( )))))); $this->rules[295] = wfWAFRule::create($this, 295, NULL, 'xss', '100', 'WordPress Core < 5.5.2 - Reflected Cross-Site Scripting via Global Variables', 1, 'blockXSS', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#(?:%2f|/)(?:%77|%57|w)(?:%70|%50|p)(?:%2d|-)(?:%61|%41|a)(?:%64|%44|d)(?:%6d|%4d|m)(?:%69|%49|i)(?:%6e|%4e|n)(?:%2f|/).*(?:%2f|/)(?:%77|%57|w)(?:%70|%50|p)(?:%2d|-)(?:%61|%41|a)(?:%64|%44|d)(?:%6d|%4d|m)(?:%69|%49|i)(?:%6e|%4e|n)(?:%2f|/).*%27#i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))))); $this->rules[303] = wfWAFRule::create($this, 303, NULL, 'file_upload', '100', 'ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Arbitrary Plugin Installation, Activation and Deactivation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'lp_cc_addons_actions', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_lp_cc_addons_actions', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[305] = wfWAFRule::create($this, 305, NULL, 'lfi', '100', 'WordPress Gallery Plugin – NextGEN Gallery <= 3.4.7 - Cross-Site Request Forgery', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/^\\/(?:\\.\\/)*(?:var|home|usr|mnt|media|etc|tmp|dev|proc)\\//i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'photocrati-nextgen_basic_thumbnails', 'template'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'photocrati-nextgen_basic_imagebrowser', 'template'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'photocrati-nextgen_basic_singlepic', 'template'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'photocrati-nextgen_basic_compact_album', 'template'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'photocrati-nextgen_basic_extended_album', 'template'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'photocrati-nextgen_basic_thumbnails', 'display_view'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'photocrati-nextgen_basic_imagebrowser', 'display_view'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'photocrati-nextgen_basic_singlepic', 'display_view'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'photocrati-nextgen_basic_compact_album', 'display_view'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'photocrati-nextgen_basic_extended_album', 'display_view'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'photocrati-nextgen_basic_slideshow', 'display_view'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/(^|\\/|\\\\)\\.\\.(\\\\|\\/)/', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'photocrati-nextgen_basic_thumbnails', 'template'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'photocrati-nextgen_basic_imagebrowser', 'template'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'photocrati-nextgen_basic_singlepic', 'template'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'photocrati-nextgen_basic_compact_album', 'template'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'photocrati-nextgen_basic_extended_album', 'template'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthLessThan', '1', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'nonce'), array ( )))))); $this->rules[308] = wfWAFRule::create($this, 308, NULL, 'priv-esc', '100', 'Tutor LMS – eLearning and online course solution <= 1.7.6 - Unprotected AJAX including Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'tutor_add_instructor', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'instructor_approval_action', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'setup_action', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'addon_enable_disable', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[310] = wfWAFRule::create($this, 310, NULL, 'file_upload', '100', 'Responsive Menu 4.0 - 4.0.3 - Authenticated Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-post\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'rmp_upload_theme_file', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[313] = wfWAFRule::create($this, 313, NULL, 'obji', '100', 'Meta pixel for WordPress <= 2.2.2 - PHP Object Injection', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThan', '3.0.0', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'official-facebook-pixel'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#wp\\-admin/+admin\\-post.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'wp_async_send_server_events', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_wp_async_send_server_events', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/(^|;|{|})O:+?\\+*[0-9]+:(?!"(?:stdClass)")/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'event_data'), array ( 0 => array ( 0 => 'base64decode', ), )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'event_data'), array ( 0 => array ( 0 => 'base64decode', ), )))))); $this->rules[314] = wfWAFRule::create($this, 314, NULL, 'file_upload', '100', 'WooCommerce Upload Files <= 59.3 - Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'wcuf_file_chunk_upload', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_wcuf_file_chunk_upload', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#(?:\\.php|\\.\\.\\/|\\.jsp|\\.vbs|\\.exe|\\.bat|\\.php5|\\.pht|\\.phtml|\\.shtml|\\.asa|\\.cer|\\.asax|\\.swf|\\.xap|;|\\.asp|\\.aspx|\\*|<|>|::)#i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wcuf_file_name'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'wcuf_upload_field_name'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'wcuf_current_upload_session_id'), array ( )))))); $this->rules[317] = wfWAFRule::create($this, 317, NULL, 'xss', '100', 'FV Flowplayer Video Player <= 7.4.37.727 - Authenticated Stored Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'fv_player_db_save', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'editor', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[318] = wfWAFRule::create($this, 318, NULL, 'redirect', '100', 'Ninja Forms Contact Form <= 3.4.33 - Administrator Open Redirect', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'nf_oauth_connect', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'redirect'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'redirect'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notMatch', '#^https:\\/\\/my.ninjaforms.com\\/#', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'redirect'), array ( )))))); $this->rules[319] = wfWAFRule::create($this, 319, NULL, 'auth-bypass', '100', 'Ninja Forms Contact Form <= 3.4.33 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'ninja_forms_sendwp_remote_install', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[320] = wfWAFRule::create($this, 320, NULL, 'auth-bypass', '100', 'Ninja Forms <= 3.4.34 - Authenticated OAuth Connection Key Disclosure', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'nf_oauth', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[321] = wfWAFRule::create($this, 321, NULL, 'xss', '100', 'Autoptimize Cross-Site Scripting Bypass', 0, 'blockXSS', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'autoptimize'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#j[\\savscript]+<\\!--[\\s\\S]*?-->[\\savscript]*:|"[a-z\\s\\:\\-]+<\\!--[\\s\\S]*?-->[a-z\\s\\:\\-]+=\\s*"|<<\\!--|<[^dp\\s\\+][^>]*<\\!--#ix', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.queryString', array ( )))))); $this->rules[323] = wfWAFRule::create($this, 323, NULL, 'auth-bypass', '100', 'Popup Builder <= 3.72 Missing Authorization on AJAX actions', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'sgpb_subscribers_delete', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sgpb_add_subscribers', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sgpb_import_subscribers', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sgpb_save_imported_subscribers', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sgpb_send_newsletter', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[324] = wfWAFRule::create($this, 324, NULL, 'file_upload', '100', 'External Media <= 1.0.33 - Authenticated Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'upload-remote-file', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[325] = wfWAFRule::create($this, 325, NULL, 'auth-bypass', '100', 'Ultimate GDPR & CCPA <= 2.4 - Unauthenticated Settings Import & Export', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'ct-ultimate-gdpr-export'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'ct-ultimate-gdpr-export-services'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'ct-ultimate-gdpr-import'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'ct-ultimate-gdpr-import-services'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[329] = wfWAFRule::create($this, 329, NULL, 'bypass', '100', 'Redirection for Contact Form 7 <= 2.3.3 - Unprotected AJAX Actions', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'wpcf7r_delete_action', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wpcf7r_add_action', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wpcf7r_make_api_test', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'activate_wpcf7r_extension', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'deactivate_wpcf7r_extension', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wpcf7r_extension_update', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wpcf7r_reset_settings', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[328] = wfWAFRule::create($this, 328, NULL, 'bypass', '100', 'Redirection for Contact Form 7 <= 2.3.3 - Unauthenticated Arbitrary Nonce Generation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'nopriv_wpcf7r_get_nonce', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wpcf7r_get_nonce', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[331] = wfWAFRule::create($this, 331, NULL, 'information-disclosure', '100', 'User Profile Picture <= 2.4.0 - Sensitive Information Disclosure', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+mpp[\\/]+v2[\\/]+get_users/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/mpp[\\/]+v2[\\/]+get_users/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[333] = wfWAFRule::create($this, 333, NULL, 'file_upload', '100', 'WordPress Mega Menu <= 2.0.6 - Arbitrary File Creation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'quadmenu_compiler_save', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_quadmenu_compiler_save', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[335] = wfWAFRule::create($this, 335, NULL, 'xss', '100', 'Elementor <= 3.1.2 Elements Kit Lite/Pro <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'elementor_ajax', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#(?:["_]tag|header_size|title_size)":"(?!(?:div|header|footer|main|article|section|aside|nav|span|p|a|none|h1|h2|h3|h4|h5|h6|null|large|custom|ul|)")#i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'actions'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[336] = wfWAFRule::create($this, 336, NULL, 'sqli', '100', 'Tutor LMS <= 1.8.3 - SQL Injection via Bypass', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'tutor_place_rating', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'tutor_mark_answer_as_correct', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'tutor_quiz_builder_get_question_form', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'tutor_quiz_builder_get_answers_by_question', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#[\\r\\n\\t<>]#', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.queryString', array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'tutor_answering_quiz_question', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'tutor_action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'tutor_action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#[\\r\\n\\t<>]#', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.queryString', array ( ))))))); $this->rules[338] = wfWAFRule::create($this, 338, NULL, 'sqli', '40', 'SQL Injection in User-Agent String', 0, 'failSQLi', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'matchCount', new wfWAFRuleVariable($this, 'sqliRegex', NULL), array(wfWAFRuleComparisonSubject::create($this, array('request.headers', 'User-Agent'), array ( )))))); $this->rules[341] = wfWAFRule::create($this, 341, NULL, 'information-disclosure', '100', 'Store Locator Plus <= 5.12.3 - Unauthenticated Stored Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+store-locator-plus[\\/]+v2[\\/]+options[\\/]+all/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/store-locator-plus[\\/]+v2[\\/]+options[\\/]+all/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+store-locator-plus[\\/]+v2[\\/]+options[\\/]+import/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/store-locator-plus[\\/]+v2[\\/]+options[\\/]+import/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[343] = wfWAFRule::create($this, 343, NULL, 'auth-bypass', '100', 'Plus Addons for Elementor Page Builder <= 4.1.6 - Authentication Bypass Method #2', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'theplus_ajax_login', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'theplus_google_ajax_register', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'email'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'email'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'email'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'email'), array ( ))))))); $this->rules[344] = wfWAFRule::create($this, 344, NULL, 'obji', '100', 'PHP Object Injection in Cookies', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/(^|;|{|})(?:O|C):\\d+:"(?!stdClass")[^"]+":/', array(wfWAFRuleComparisonSubject::create($this, 'request.cookies', array ( )))))); $this->rules[347] = wfWAFRule::create($this, 347, NULL, 'priv-esc', '100', 'BuddyPress 5.0.0-7.2.0 - Privilege Escalation via REST API', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+buddypress[\\/]+v1[\\/]+members[\\/]+(?:me|\\d+)/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/buddypress[\\/]+v1[\\/]+members[\\/]+(?:me|\\d+)/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'versionLessThan', '7.2.1', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'buddypress'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.rawBody', array ( )))))); $this->rules[348] = wfWAFRule::create($this, 348, NULL, 'file_upload', '100', 'Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+td[\\/]+v1[\\/]+optin[\\/]+subscription/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/td[\\/]+v1[\\/]+optin[\\/]+subscription/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'api_key'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'api_key'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#api_key":""#i', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.rawBody', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#(?:hook_url|hookUrl)":"\\{#i', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.rawBody', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#[\\{\\}]#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'hook_url'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'hookUrl'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'hook_url'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'hookUrl'), array ( ))))))); $this->rules[349] = wfWAFRule::create($this, 349, NULL, 'rfd', '100', 'Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+thrive[\\/]+kraken/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/thrive[\\/]+kraken/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#^(?![0-9a-f]{32}).#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'id'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'id'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#"id":"(?![0-9a-f]{32})#i', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.rawBody', array ( ))))))); $this->rules[351] = wfWAFRule::create($this, 351, NULL, 'auth-bypass', '100', 'Woocommerce Customers Manager <= 26.4 - Authenticated Account Creation and Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'upload_csv', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wccm_export_csv', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wccm_export_guests_csv', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[352] = wfWAFRule::create($this, 352, NULL, 'file_upload', '100', 'Business Hours Pro <= 5.5.0 - Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'iva_bh_ajax_action', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_iva_bh_ajax_action', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'iva_bh_import_ajax_action', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_iva_bh_import_ajax_action', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[353] = wfWAFRule::create($this, 353, NULL, 'lfi', '100', 'The Plus Addons for Elementor PRO <= 4.1.9 & The Plus Addons for Elementor <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#"(?:loop_)?svg_image":\\{[^\\}]*"url":"[^"]+\\.(?!svg)\\w+"#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'actions'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'elementor_ajax', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))))); $this->rules[356] = wfWAFRule::create($this, 356, NULL, 'redirect', '100', 'Simple 301 Redirects 2.0.0 - 2.0.3 - Unauthenticated Redirect Import/Export', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', '301options', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'page'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'page'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'export'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'export'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'import'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'import'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[357] = wfWAFRule::create($this, 357, NULL, 'file_upload', '100', 'Simple 301 Redirects by BetterLinks 2.0.0 - 2.0.1 - Unprotected AJAX Actions', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'simple301redirects/admin/wildcard', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'simple301redirects/admin/install_plugin', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'simple301redirects/admin/activate_plugin', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'simple301redirects/admin/hide_notice', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'simple301redirects/admin/get_import_info', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[359] = wfWAFRule::create($this, 359, NULL, 'priv-esc', '100', 'Essential Addons for Elementor <= 4.6.4 - Authenticated (Contributor+) Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'contains', 'eael-login-register', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'actions'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'actions'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#register_user_role":"(?!subscriber|customer)[^"]#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'actions'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'actions'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'elementor_ajax', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[360] = wfWAFRule::create($this, 360, NULL, 'bypass', '100', 'Essential Addons for Elementor <= 4.6.4 - Missing Authorization', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'wpdeveloper_install_plugin', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wpdeveloper_activate_plugin', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'save_settings_with_ajax', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'clear_cache_files_with_ajax', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[361] = wfWAFRule::create($this, 361, NULL, 'file_upload', '100', 'Kaswara Modern VC Addons <= 3.0.1 - Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'contains', 'kaswara', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'uploadFontIcon', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_uploadFontIcon', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/(\\.zip)($|\\.)/i', array(wfWAFRuleComparisonSubject::create($this, 'request.fileNames', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[362] = wfWAFRule::create($this, 362, NULL, 'bypass', '100', 'Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'contains', 'kaswara', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'exportShortcodeData', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_exportShortcodeData', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'importShortcodeData', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_importShortcodeData', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'exportCf7Styles', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_exportCf7Styles', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'importCf7Styles', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_importCf7Styles', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'deleteFontIcon', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_deleteFontIcon', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[364] = wfWAFRule::create($this, 364, NULL, 'auth-bypass', '100', 'WooCommerce Product Filter by WooBeWoo <= 1.4.9 Unprotected AJAXs', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'wpf', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'pl'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'pl'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'save', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'deleteByID', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'drawFilterAjax', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'removeGroup', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'saveGroup', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'createTable', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[365] = wfWAFRule::create($this, 365, NULL, 'obji', '100', 'Thrive Plugins < 2021-05-11 Object Injection', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/(^|;|{|})(?:O|C):\\d+:"(?!stdClass")[^"]+":/', array(wfWAFRuleComparisonSubject::create($this, array('request.body', '__tcb_lg_msg'), array ( 0 => array ( 0 => 'base64decode', ), )), wfWAFRuleComparisonSubject::create($this, array('request.body', '__tcb_lg_fc'), array ( 0 => array ( 0 => 'base64decode', ), )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'consent_config'), array ( 0 => array ( 0 => 'base64decode', ), )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'tve_mapping'), array ( 0 => array ( 0 => 'base64decode', ), )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'tve_labels'), array ( 0 => array ( 0 => 'base64decode', ), )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'config'), array ( 0 => array ( 0 => 'base64decode', ), )))))); $this->rules[369] = wfWAFRule::create($this, 369, NULL, 'priv-esc', '100', 'User Registration, User Profiles, Login & Membership – ProfilePress (Formerly WP User Avatar) 3.0.0 - 3.1.3 - Unauthenticated Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'pp_ajax_signup', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'pp_ajax_editprofile', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wp_capabilities'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wp_capabilities'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wp_user_level'), array ( ))))))); $this->rules[370] = wfWAFRule::create($this, 370, NULL, 'priv-esc', '100', 'Privilege Escalation via User Meta Updates', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wp_capabilities'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wp_capabilities'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wp_user_level'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[371] = wfWAFRule::create($this, 371, NULL, 'file_upload', '100', 'Fancy Product Designer <= 4.6.8 - Unauthenticated Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'fpd_custom_uplod_file', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_fpd_custom_uplod_file', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#\\.[^a-z0-9\\.]*p[^a-z0-9\\.]*h[^a-z0-9\\.]*p#i', array(wfWAFRuleComparisonSubject::create($this, 'request.fileNames', array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#/custom\\-image\\-handler\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))))); $this->rules[372] = wfWAFRule::create($this, 372, NULL, 'auth-bypass', '100', 'Fancy Product Designer <= 4.6.9 Unprotected AJAX actions', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#^fpd_(?:create_|update_|delete_|get_|upload_|export|reset_)#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[376] = wfWAFRule::create($this, 376, NULL, 'file_upload', '100', 'ZoomSounds <= 5.96 - Unauthenticated Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#\\/dzs\\-zoomsounds\\/savepng\\.php#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))))); $this->rules[379] = wfWAFRule::create($this, 379, NULL, 'sqli', '100', 'WooCommerce < 5.5.1 - SQL Injection via URL Encode Bypass', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+wc[\\/]+store[\\/]+products[\\/]+collection-data/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/wc[\\/]+store[\\/]+products[\\/]+collection-data/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#\\%25[0-9a-fA-F]{2}#', array(wfWAFRuleComparisonSubject::create($this, 'request.rawBody', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.jsonBody', array ( )))))); $this->rules[380] = wfWAFRule::create($this, 380, NULL, 'sqli', '100', 'WooCommerce < 5.5.1 - SQL Injection via Double URL Encode Bypass', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+wc[\\/]+store[\\/]+products[\\/]+collection-data/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/wc[\\/]+store[\\/]+products[\\/]+collection-data/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#\\%2525[0-9a-fA-F]{2}#', array(wfWAFRuleComparisonSubject::create($this, 'request.uri', array ( )))))); $this->rules[381] = wfWAFRule::create($this, 381, NULL, 'auth-bypass', '100', 'Profile Builder <= 3.4.8 - Admin Access via Password Reset', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'recover_password2', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action2'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'notMatch', '#^[a-zA-Z0-9]{20}$#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'key'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#key(\\[|\\%5b)#', array(wfWAFRuleComparisonSubject::create($this, 'request.rawBody', array ( ))))))); $this->rules[383] = wfWAFRule::create($this, 383, NULL, 'xss', '100', 'SEOPress 5.0.0 - 5.0.3 - Stored Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/seopress[\\/]+v1[\\/]+posts/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#^put$#i', array(wfWAFRuleComparisonSubject::create($this, 'request.method', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.headers', 'X-Http-Method-Override'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.headers', 'X-Method-Override'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'editor', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[384] = wfWAFRule::create($this, 384, NULL, 'auth-bypass', '100', 'Booster for WooCommerce <= 5.4.3 - Authentication Bypass', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '5736f6a062bcdc410e5565249a74af55'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'versionlessthanequalto', '5.4.3', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'woocommerce-jetpack'), array ( )))))); $this->rules[386] = wfWAFRule::create($this, 386, NULL, 'insufficient-auth', '100', 'Gutenberg Template Library & Redux Framework <= 4.2.11 - Missing Authorization to Sensitive Information Disclosure', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/redux[\\/]+v1[\\/]+templates/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[387] = wfWAFRule::create($this, 387, NULL, 'auth-bypass', '100', 'Ninja Forms <= 3.5.7 - Unprotected REST-API to Sensitive Information Disclosure', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/ninja-forms-submissions/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[390] = wfWAFRule::create($this, 390, NULL, 'file_upload', '100', 'AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'plugin_offline_installer', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[391] = wfWAFRule::create($this, 391, NULL, 'xss', '100', 'underConstruction <= 1.18 - Reflected Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'under-construction', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'page'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#wp-admin[\\/]+admin\\.php.+#i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))))); $this->rules[392] = wfWAFRule::create($this, 392, NULL, 'xss', '100', 'Easy Social Icons <= 3.0.8 – Reflected Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'cnss_social_icon_page', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'page'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#wp-admin[\\/]+admin\\.php.+#i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))))); $this->rules[393] = wfWAFRule::create($this, 393, NULL, 'auth-bypass', '100', 'HashThemes Demo Importer <= 1.1.1 - Missing Authorization to Database Wipe', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#^hdi_#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[396] = wfWAFRule::create($this, 396, NULL, 'auth-bypass', '100', 'Premium Addons for Elementor <= 4.5.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'pa_dismiss_admin_notice', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[397] = wfWAFRule::create($this, 397, NULL, 'auth-bypass', '100', 'WooCommerce Dynamic Pricing and Discounts <= 2.4.1 - Unauthenticated Settings Import/Export', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.files', 'rp_wcdpd_settings'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rp_wcdpd_export_settings'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rp_wcdpd_export_settings'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rp_wcdpd_export_settings'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rp_wcdpd_export_settings'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[399] = wfWAFRule::create($this, 399, NULL, 'file_upload', '100', 'Envato Elements <= 2.0.9 - Contributor+ Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'envato_elements', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'template_kit_import', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/envato-elements\\/v2/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/template-kit-import\\/v2/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[400] = wfWAFRule::create($this, 400, NULL, 'auth-bypass', '100', 'WordPress Automatic <= 3.53.2 + Pinterest Automatic <= 4.14.3 - Unauthenticated Arbitrary Options Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'settings', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'wp_pinterest_automatic'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'wp_pinterest_automatic'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-automatic\\/process_form\\.php#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( ))))))); $this->rules[401] = wfWAFRule::create($this, 401, NULL, 'xss', '100', 'OptinMonster <= 2.6.0 - Reflected Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.6.0', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'optinmonster'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#(\\(|\\)|=)#i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'om-live-rules-preview'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'om-live-rules-preview'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'om-live-preview'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'om-live-preview'), array ( )))))); $this->rules[403] = wfWAFRule::create($this, 403, NULL, 'auth-bypass', '100', 'RegistrationMagic <= 5.2.1.0 - Authentication Bypass', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionlessthanequalto', '5.2.1.0', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'custom-registration-form-builder-with-submission-manager'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'md5Equals', '1297c6ae35002b8a3ea315c00b6c799c', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))))); $this->rules[404] = wfWAFRule::create($this, 404, NULL, 'auth-bypass', '100', 'YITH Easy Login & Register Popup for WooCommerce <= 1.8.0 - Authentication Bypass via Password Reset', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'set-new-password', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'yith_welrp_form_action', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wc-ajax'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'wc-ajax'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'versionlessthanequalto', '1.8.0', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'yith-easy-login-register-popup-for-woocommerce'), array ( )))))); $this->rules[405] = wfWAFRule::create($this, 405, NULL, 'auth-bypass', '100', 'Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'svx_ajax_factory', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[406] = wfWAFRule::create($this, 406, NULL, 'priv-esc', '100', 'WP User Manager <= 2.6.2 - Arbitrary User Password Reset', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionlessthan', '2.6.3', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'wp-user-manager'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'submit_password_recovery'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'password_recovery_nonce'), array ( )))))); $this->rules[407] = wfWAFRule::create($this, 407, NULL, 'auth-bypass', '100', 'WP DSGVO Tools (GDPR) <= 3.1.22 - Missing Authorization', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#^(nopriv_)?SPDSGVO-integration-#i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'admin-dismiss-unsubscribe', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_admin-dismiss-unsubscribe', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[408] = wfWAFRule::create($this, 408, NULL, 'bypass', '100', 'OptinMonster <= 2.6.4 - Unprotected REST-API Endpoints', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.6.4', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'optinmonster'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/omapp\\/v1/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[413] = wfWAFRule::create($this, 413, NULL, 'auth-bypass', '100', 'WCFM Membership <= 2.10.0 - Missing Authorization', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wcfmvm_(vendor_approval_html|vendor_approval_response_update|membership_change|change_next_renewal)/', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'delete_wcfm_membership', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'wcfm_ajax_controller', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_wcfm_ajax_controller', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wcfm-(memberships|memberships-manage|memberships-settings)$/', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'controller'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'controller'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#[\\r\\n\\t<>\\%]#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'controller'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'controller'), array ( ))))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[414] = wfWAFRule::create($this, 414, NULL, 'auth-bypass', '100', 'RULE-414', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '3.4.10', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'wc-multivendor-marketplace'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wcfm_(vendor_store_offline|vendor_store_online)/', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/wcfmmp_(media_delete|bulk_media_delete|reviews_delete)/', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[415] = wfWAFRule::create($this, 415, NULL, 'sqli', '100', 'WCFM Marketplace <= 3.4.11 - Missing Authorization', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wcfm_(messages_bulk_mark_read|messages_bulk_mark_delete)/', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'wcfm_ajax_controller', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_wcfm_ajax_controller', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/wcfm-(refund-requests|vendor-orders|orders|enquiry|reviews)/', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'controller'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'controller'), array ( )))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#[\\r\\n\\t<>%]#', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )))))); $this->rules[417] = wfWAFRule::create($this, 417, NULL, 'auth-bypass', '100', 'WCFM Frontend Manager <= 6.6.0 - Missing Authorization', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThan', '6.6.1', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'wc-frontend-manager'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wcfm_(vendor_disable|vendor_enable)/', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/(archive|delete|publish)_wcfm/', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'wcfm_ajax_controller', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_wcfm_ajax_controller', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/(wcfm-payments|wcfm-withdrawal|wcfm-vendors|wcfm-notices|wcfm-capability|wcfm-[a-z]+-manage)/', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'controller'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#[\\r\\n\\t<>\\%]#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'controller'), array ( ))))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[421] = wfWAFRule::create($this, 421, NULL, 'auth-bypass', '100', 'Responsive Menu <= 4.1.7 - Missing Authorization Checks', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#^rmp_#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[422] = wfWAFRule::create($this, 422, NULL, 'xss', '100', 'Smash Balloon Social Post Feed <= 4.0 - Arbitrary Plugin Settings Update to Stored Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThan', '4.0.1', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'custom-facebook-feed'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#^cff_#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[427] = wfWAFRule::create($this, 427, NULL, 'csrf', '100', 'Login/Signup Popup <= 2.2 - Cross-Site Request Forgery to Arbitrary Options Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'xoo_admin_settings_save', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#(administrator|siteurl|users_can_register|default_role|admin_email|mailserver_url|mailserver_login|rewrite_rules|wp_user_roles)#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'form'), array ( )))))); $this->rules[429] = wfWAFRule::create($this, 429, NULL, 'auth-bypass', '100', 'Tawk.To Live Chat <= 0.5.4 - Missing Authorization to Visitor Monitoring & Chat Removal', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'tawkto_setwidget', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'tawkto_removewidget', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[431] = wfWAFRule::create($this, 431, NULL, 'insufficient-auth', '100', 'Variation Swatches for WooCommerce <= 2.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp-admin/#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'update_product_attr_type', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'update_attribute_type_setting', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'tawcvs_save_settings', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'woosuite_saving_variation_settings'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[435] = wfWAFRule::create($this, 435, NULL, 'options_update', '100', 'PublishPress Capabilities <= 2.3 - Unauthenticated Arbitrary Options Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionlessthanequalto', '2.3', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'capability-manager-enhanced'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'pp-capabilities-settings', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'page'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'page'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'all_options'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'all_options_pro'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[436] = wfWAFRule::create($this, 436, NULL, 'options_update', '100', 'Oxilab Plugins <= (Various Versions) Unauthenticated Arbitrary Options Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+.*[\\/]+(v1|v2)[\\/]+(oxi_settings|addons_settings)/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/\\/.*[\\/]+(v1|v2)[\\/]+(oxi_settings|addons_settings)/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[437] = wfWAFRule::create($this, 437, NULL, 'sqli', '100', 'Page Duplication Function (Various Plugins) Second Order SQLi', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'add-meta', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/post\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'editpost', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', new wfWAFRuleVariable($this, 'sqliRegex', NULL), array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'meta'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', new wfWAFRuleVariable($this, 'sqliRegex', NULL), array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'metakeyinput'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#[\\r\\n\\t<>]#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'meta'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#[\\r\\n\\t<>]#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'metakeyinput'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[438] = wfWAFRule::create($this, 438, NULL, 'auth-bypass', '100', 'All in One SEO 4.1.3.1 - 4.1.5.2 - Authenticated SQL Injection', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThan', '4.1.5.3', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'all-in-one-seo-pack'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/aioseo[\\/]+v1[\\/]+/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[439] = wfWAFRule::create($this, 439, NULL, 'xss', '100', 'WP HTML Mail <= 3.0.9 - Missing Authorization on Rest Route', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/whm[\\/]+v3[\\/]+themesettings/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[441] = wfWAFRule::create($this, 441, NULL, 'auth-bypass', '100', 'Ultimate FAQ <= 2.1.1 - Missing Authorization to Arbitrary FAQ Creation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#ewd_ufaq_welcome_#i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'editor', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[442] = wfWAFRule::create($this, 442, NULL, 'auth-bypass', '100', 'Oxilab Plugins <= Various Versions Unprotected AJAX and Rest Routes', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/[\\/]+(ImageHoverUltimate|ShortCodeAddonsUltimate|oxilabtabsultimate)[\\/]+(v1|v2)[\\/]/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin\\/admin\\-ajax\\.php$/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'image_hover_ultimate', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'oxi_flip_box_data', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[444] = wfWAFRule::create($this, 444, NULL, 'auth-bypass', '100', 'Insight Core <= 1.0 - Authenticated PHP Object Injection & Stored Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'insight_customizer_options_import', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'import_dummy', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[448] = wfWAFRule::create($this, 448, NULL, 'insufficient-auth', '100', 'Easy Drag And drop All Import : WP Ultimate CSV Importer < 6.4.1 Unprotected AJAX Actions', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThan', '6.4.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'wp-ultimate-csv-importer'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/(get_desktop|get_csv_url|get_ftp_url|get_ftp_details|get_parse_xml|saveMappedFields|StartImport|GetProgress|ImportState|ImportStop|checkmain_mode|disable_main_mode|bulk_file_import|bulk_import|PauseImport|ResumeImport|DeactivateMail|total_records|check_export|updatefields|LineChart|PieChart|BarChart|checkExtensions|listuploads|locklist|install_plugins|zip_ngg_upload|csv_options|display_log|download_log|displayCSV|preview|zip_upload|image_options|delete_image|media_report|support_mail|send_subscribe_email|settings_options|send_login_credentials_to_users|get_options|security_performance|active_addons|mappingfields|getfields)/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[451] = wfWAFRule::create($this, 451, NULL, 'xss', '100', 'GiveWP <= 2.17.2 - Reflected Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThan', '2.17.3', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'give'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#wp-admin\\/edit\\.php#', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#[\\r\\n\\t<>=]#', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 's'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'json'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'give_forms', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'post_type'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'post_type'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', new wfWAFRuleVariable($this, 'xssRegex', NULL), array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 's'), array ( )))))))); $this->rules[453] = wfWAFRule::create($this, 453, NULL, 'file_upload', '100', 'Zip File Uploads', 0, 'log', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\.(zip)($|\\.)/i', array(wfWAFRuleComparisonSubject::create($this, 'request.fileNames', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'add_custom_font', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))))); $this->rules[455] = wfWAFRule::create($this, 455, NULL, 'auth-bypass', '100', 'Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'submit-uaf-font-php'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'submit-uaf-font-js'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'submit-uaf-font-php'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'submit-uaf-font-js'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[456] = wfWAFRule::create($this, 456, NULL, 'priv-esc', '100', 'MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'stm_lms_register', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/(wp_capabilities|wp_user_level)/i', array(wfWAFRuleComparisonSubject::create($this, 'request.rawBody', array ( )))))); $this->rules[458] = wfWAFRule::create($this, 458, NULL, 'xss', '100', 'WP Cerber Security <= 8.9.5.2 - Unauthenticated Stored Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThan', '8.9.6', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'wp-cerber'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', new wfWAFRuleVariable($this, 'xssRegex', NULL), array(wfWAFRuleComparisonSubject::create($this, 'request.uri', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[459] = wfWAFRule::create($this, 459, NULL, 'auth-bypass', '100', 'UpdraftPlus WordPress Backup Plugin < 1.22.3 - Sensitive Information Disclosure', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'updraft_download_backup', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'heartbeat', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'data', 'updraftplus'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'data', 'updraftplus', 'log_nonce'), array ( ))))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[460] = wfWAFRule::create($this, 460, NULL, 'file_download', '100', 'BackupWordPress <= 3.12 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'heartbeat', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'data', 'hmbkp_schedule_id'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[461] = wfWAFRule::create($this, 461, NULL, 'information-disclosure', '100', 'Total Upkeep <= 1.14.13 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'heartbeat', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'data', 'boldgrid_backup_in_progress'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[462] = wfWAFRule::create($this, 462, NULL, 'insufficient-auth', '100', 'Freemius <= 2.4.2 - Missing Authorization on AJAX actions', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/(fs_dismiss_notice_action_|fs_retry_connectivity_test_|fs_resolve_firewall_issues_)/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'fs_toggle_debug_mode', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'fs_get_debug_log', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[477] = wfWAFRule::create($this, 477, NULL, 'xss', '100', 'WordPress Core 5.9 - 5.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionGreaterThanEqualTo', '5.9.0', array(wfWAFRuleComparisonSubject::create($this, 'wordpress.core', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '5.9.1', array(wfWAFRuleComparisonSubject::create($this, 'wordpress.core', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/wp[\\/]+v2[\\/]+posts/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#\\\\\\\\u0#', array(wfWAFRuleComparisonSubject::create($this, 'request.rawBody', array ( )))))); $this->rules[478] = wfWAFRule::create($this, 478, NULL, 'xss', '100', 'WordPress Core < 5.9.2 & Gutenberg < 12.7.2 - Prototype Pollution', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', '__proto__'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'constructor'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'prototype'), array ( )))))); $this->rules[482] = wfWAFRule::create($this, 482, NULL, 'rce', '100', 'Tatsu <= 3.3.12 - Unauthenticated Remote Code Execution', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#(?:nopriv_)?add_custom_font#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[483] = wfWAFRule::create($this, 483, NULL, 'rce', '100', 'WAF-RULE-483', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'md5Equals', '9419144043c824fe684399c5ff5ba46d', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'md5Equals', '82bc3ff3aa0b29f7a326c88b6b53617a', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'md5Equals', '1bc92cdc15368557981fcab5dfca2979', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'md5Equals', 'e81f641f598c43fd2923236d0e398ec2', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'md5Equals', 'dd46145d9f2c386a47527d9d204f264a', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'md5Equals', 'd84b5d5582f4dd40688105bf48ef1b07', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[485] = wfWAFRule::create($this, 485, NULL, 'privesc', '100', 'WAF-RULE-485', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#^abb_(?!\\w+_action)#', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#^jupiterx_[^l]#', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[486] = wfWAFRule::create($this, 486, NULL, 'file_upload', '100', 'Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/(cool_plugins_(install|activate))/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[489] = wfWAFRule::create($this, 489, NULL, 'xss', '100', 'Ultimate Member <= 2.3.2 - Stored Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.3.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'ultimate-member'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\&(lt|#60|#x3c);/i', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'edit', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'um_action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'um_action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[499] = wfWAFRule::create($this, 499, NULL, 'auth-bypass', '100', 'Custom Product Tabs for WooCommerce <= 1.7.7 - Subscriber+ Settings Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#yikes/cpt/v1/settings#i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[503] = wfWAFRule::create($this, 503, NULL, 'information-disclosure', '100', 'Duplicator – WordPress Migration Plugin <= 1.4.7 - Unauthenticated Backup Download', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/dup\\-installer/main\\.installer\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[514] = wfWAFRule::create($this, 514, NULL, 'auth-bypass', '100', 'WAF-RULE-514', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#^jkit_#', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '42dd1238ecd3cea6190ca8155ef9b7bb'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '42dd1238ecd3cea6190ca8155ef9b7bb'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '42dd1238ecd3cea6190ca8155ef9b7bb'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '42dd1238ecd3cea6190ca8155ef9b7bb'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '3c1d76e6a2e9e5afed4be33600b638f9'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '3c1d76e6a2e9e5afed4be33600b638f9'), array ( ))))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[515] = wfWAFRule::create($this, 515, NULL, 'insufficient-auth', '100', 'Blog2Social <= 6.9.11 - Missing Authorization to Authenticated (Subscriber+) Settings Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'b2s_save_social_meta_tags', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'b2s_user_network_settings', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'legacy_mode'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'legacy_mode'), array ( )))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'b2s_lock_auto_post_import', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[516] = wfWAFRule::create($this, 516, NULL, 'ssrf', '100', 'Web Stories <= 1.24.0 - Server Side Request Forgery', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+web-stories[\\/]+v1[\\/]+hotlink[\\/]+proxy/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/web-stories[\\/]+v1[\\/]+hotlink[\\/]+proxy/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/\\/(0|127|10|172|192|169|100)\\./i', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'url'), array ( )))))); $this->rules[517] = wfWAFRule::create($this, 517, NULL, 'auth-bypass', '100', 'Download Plugin <= 1.6.2 - Missing Authorization and Sensitive Information Exposure', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'dpwap_plugin_download_url', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[518] = wfWAFRule::create($this, 518, NULL, 'priv-esc', '100', 'tagDiv Composer < 3.5 - Unauthorized Account Access and Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'td_ajax_fb_login_user', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'user', 'email'), array ( )))))); $this->rules[519] = wfWAFRule::create($this, 519, NULL, 'auth-bypass', '100', 'Multiple Bill Minozzi Plugins - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Install', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'antihacker_install_plugin', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'stopbadbots_install_plugin', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wpmemory_install_plugin', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'cardealer_install_plugin', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wptools_install_plugin', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[522] = wfWAFRule::create($this, 522, NULL, 'insufficient-auth', '100', 'Download Monitor <= 4.7.60 - Missing Authorization', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThan', '4.7.70', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'download-monitor'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/download-monitor[\\/]+v1[\\/]+(user_data|download_reports|user_reports|templates)/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[523] = wfWAFRule::create($this, 523, NULL, 'sqli', '100', 'Cyr to Lat <= 3.5 - Authenticated SQL Injection', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#wp\\/+v2\\/+tags#i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'contains', '\'', array(wfWAFRuleComparisonSubject::create($this, 'request.rawBody', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', new wfWAFRuleVariable($this, 'sqliRegex', NULL), array(wfWAFRuleComparisonSubject::create($this, 'request.rawBody', array ( )))))); $this->rules[526] = wfWAFRule::create($this, 526, NULL, 'auth-bypass', '100', 'BeRocket Plugins <= (Various Versions) - Missing Authorization', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin\\/admin\\-ajax\\.php$/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'berocket_admin_close_notice', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'berocket_subscribe_email', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'berocket_rate_stars_close', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'berocket_feature_request_send', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'berocket_error_notices_get', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'berocket_information_close_notice', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'br_test_key', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[528] = wfWAFRule::create($this, 528, NULL, 'privesc', '100', 'iubenda <= 3.3.2 - Authenticated (Subscriber+) Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'ajax_save_options', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'quick_generator_api', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'integrate_setup', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'toggle_services', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'save_public_api_key', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'auto_detect_forms', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'update_options', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'radar_percentage_reload', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'cs_configuration', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'pp_configuration', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'tc_configuration', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'cons_configuration', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'frontpage_main_box', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[529] = wfWAFRule::create($this, 529, NULL, 'auth-bypass', '100', 'WAF-RULE-529', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'md5Equals', 'b254c456fc0fea3d356dbac744ba1394', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'md5Equals', '79eb411a0574474c9b544c3fcd76a056', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'md5Equals', '6ee5d32bb9ef333e8d23a4a84aa80777', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'md5Equals', 'be422283e46ff4557994546f1afb59ca', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'md5Equals', '603e8e451644f9a9704cd2ce61e9d4de', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'md5Equals', '207940e9eb2165482ba653b169e56f92', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'md5Equals', 'b777e22f790d44cc1315dcd12d47953e', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'md5Equals', '0cdf70afbfad8fc504c4d6c911feb621', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'md5Equals', 'a48b99906c864bc7c919ac6e7f6ef968', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'md5Equals', '8365bd60f38f7952add8d300c517676d', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'md5Equals', '8d2086d798c5bd532b6e60c6d8920629', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'md5Equals', '5b5c5ed0942517f1a27d9f3d45ace6a6', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[530] = wfWAFRule::create($this, 530, NULL, 'rce', '100', 'User Post Gallery - UPG <= 2.19 - Missing Authorization to Remote Command Execution', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'upg_datatable', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[532] = wfWAFRule::create($this, 532, NULL, 'insufficient-auth', '100', 'Quick Restaurant Menu <= 2.0.2 - Missing Authorization', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'erm_update_menu_item', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'erm_delete_menu_item', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'erm_create_menu_item', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'erm_update_list_menu_items', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'erm_list_menu_items', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'erm_update_menu_week', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[537] = wfWAFRule::create($this, 537, NULL, 'lfi', '100', 'LearnPress <= 4.1.7.3.2 - Unauthenticated Local File Inclusion', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#\\/+lp\\/+v1#i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#(\\/|\\%2F)(?:(\\.|\\%2E)(\\/|\\%2F))*(?:var|usr|mnt|etc|tmp|dev|proc|home)(\\/|\\%2F)|(\\.|\\%2E)(\\.|\\%2E)(\\\\|\\/|\\%2F|\\%5C)#i', array(wfWAFRuleComparisonSubject::create($this, 'request.rawBody', array ( )))))); $this->rules[538] = wfWAFRule::create($this, 538, NULL, 'sqli', '30', 'LearnPress <= 4.1.7.3.2 - Unauthenticated SQL Injection', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#\\/+lp\\/+v1#i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'matchCount', new wfWAFRuleVariable($this, 'sqliRegex', NULL), array(wfWAFRuleComparisonSubject::create($this, 'request.rawBody', array ( )))))); $this->rules[539] = wfWAFRule::create($this, 539, NULL, 'xss', '100', 'Extended XSS for JSON Body Content', 0, 'log', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', new wfWAFRuleVariable($this, 'xssRegex', NULL), array(wfWAFRuleComparisonSubject::create($this, array('request.jsonBody', 'content'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'unfiltered_html', array()))); $this->rules[548] = wfWAFRule::create($this, 548, NULL, 'insufficient-auth', '100', 'Redirect Redirection <= 1.1.3 - Missing Authorization Checks on Various Functions', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/(irAddRedirect|irInstantEditRedirect|irLoadRedirectSettings|irSaveRedirectSettings|irDeleteRedirect|irStatusBulkEdit|irBulkDelete|irRedirectionPageContent|irLiveSearch|irSelectAll|irLogPageContent|irLogFilter|irAddRedirectRule|irLoadTab|irSaveSettings|irLoadSettings|inisev_installation)/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[551] = wfWAFRule::create($this, 551, NULL, 'auth-bypass', '100', 'WP Meta SEO <= 4.5.3 - Missing Authorization', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'wpms_regenerate_sitemaps', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wpms_save_sitemap_settings', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wpms_list_posts_category', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wpms_sitemap_check_all_category', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wpms_gg_save_information', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wpms_set_ignore', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[552] = wfWAFRule::create($this, 552, NULL, 'privesc', '100', 'Houzez Theme <= 2.7.1 and Houzez Login Register <= 2.6.3 - Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#(?:nopriv_)?houzez_(?:register|change_user_role|register_user_with_membership)#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'keyExists', 'user_role', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notMatch', '#^houzez_#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'user_role'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'keyExists', 'role', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notMatch', '#^houzez_#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'role'), array ( )))))))); $this->rules[553] = wfWAFRule::create($this, 553, NULL, 'auth-bypass', '100', 'WP Meta SEO <= 4.5.2 - Missing Authorization - startProcess', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'wpms', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'edit_posts', array()))); $this->rules[555] = wfWAFRule::create($this, 555, NULL, 'priv-esc', '100', 'ProfileGrid <= 5.3.0 - Missing Authorization to Arbitrary Password Reset', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'pm_reset_user_password', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'manage_options', array()))); $this->rules[557] = wfWAFRule::create($this, 557, NULL, 'options_update', '100', 'Sitemap by click5 <= 1.0.35 - Arbitrary Options Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#click5_sitemap\\/+API\\/+update_html_option_AJAX#i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[559] = wfWAFRule::create($this, 559, NULL, 'insufficient-auth', '100', 'OoohBoi Steroids for Elementor <= 2.1.3 - Missing Authorization', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'exopite-sof-file_uploader', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'exopite-sof-file-batch-delete', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'upload_files', array()))); $this->rules[560] = wfWAFRule::create($this, 560, NULL, 'insufficient-auth', '100', 'Paytium <= 4.3.7 - Missing Authorization', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'pt_cancel_subscription', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'paytium_notice_dismiss', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'paytium_sw_save_api_keys', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'paytium_mollie_check_for_verified_profiles', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'paytium_mollie_update_profile_preference', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'paytium_mollie_create_profile', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'paytium_mollie_check_account_details', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'paytium_mollie_create_account', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'manage_options', array()))); $this->rules[566] = wfWAFRule::create($this, 566, NULL, 'priv-esc', '100', 'Updraft Plus 1.22.14 to 1.23.2 - Privilege Escalation via updraft_central_ajax_handler', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'updraft_central_ajax', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'manage_options', array()))); $this->rules[567] = wfWAFRule::create($this, 567, NULL, 'whitelist', '100', 'SEO Plugin by Squirrly SEO <= 12.1.20 - Missing Authorization', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'sq_ajax_search_blog', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sla_checkin', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sla_keywords', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sla_preview', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sla_tasks', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sla_briefcase_get', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sla_briefcase_add', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sla_briefcase_delete', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sla_briefcase_save', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sla_customcall', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_ajax_research_process', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_ajax_research_others', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_ajax_research_history', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_journey_close', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_auditpages_getaudit', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_focuspages_inspecturl', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_focuspages_getpage', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_ranking_settings', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_serp_delete_keyword', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_ajax_rank_bulk_delete', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_ajax_rank_bulk_refresh', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_ajax_postslist ', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sla_customcall ', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_onboarding_commitment', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_focuspages_getpage ', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'edit_others_posts', array())), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'sq_register', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_login', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_seosettings_clear_cache', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_seosettings_importall', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_rollback', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_reinstall', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_ajax_type_click', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_onboading_checksite', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_account_disconnect', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_ajax_account_getaccount', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_seosettings_ga_check', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_seosettings_gsc_check', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sq_alerts_close', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'manage_options', array())), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'inline-save', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'edit_posts', array())))); $this->rules[569] = wfWAFRule::create($this, 569, NULL, 'auth-bypass', '100', 'FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Improper Authorization to Arbitrary Plugin Installation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/full-customer/#i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#/wp-json/full-customer/#i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'manage_options', array()))); $this->rules[570] = wfWAFRule::create($this, 570, NULL, 'priv-esc', '100', 'Elementor Pro <= 3.11.6 - Authenticated(Subscriber+) Privilege Escalation via update_page_option', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'elementor_ajax', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#pro_woocommerce_update_page_option#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'actions'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'actions'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[571] = wfWAFRule::create($this, 571, NULL, 'insufficient-auth', '100', 'Filebird <= 5.1.4 - Missing Authorization via resAdminPermissionsCheck', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/filebird/v1/fbv-api/#i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'manage_options', array()))); $this->rules[573] = wfWAFRule::create($this, 573, NULL, 'insufficient-auth', '100', 'HappyFiles Pro <= 1.8.1 - Missing Authorization', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '1.8.1', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'happyfiles-pro'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin\\/admin\\-ajax\\.php$/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/happyfiles_/i', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[575] = wfWAFRule::create($this, 575, NULL, 'insufficient-auth', '100', 'ACF Quick Edit Fields <= 3.2.2 - Authenticated (Contributor+) Insecure Direct Object Reference', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'get_acf_post_meta', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[577] = wfWAFRule::create($this, 577, NULL, 'idor', '100', 'Directorist <= 7.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion in listing_task', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '7.5.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'directorist'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'directorist_dashboard_listing_tab', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'edit_others_posts', array()))); $this->rules[579] = wfWAFRule::create($this, 579, NULL, 'ssrf', '100', 'Getwid – Gutenberg Blocks <= 1.8.3 - Authenticated(Subscriber+) Server Side Request Forgery', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/getwid/v1/get_remote_content#i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/\\/(0|127|10|172|192|169|100)\\./i', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'get_content_url'), array ( )))))); $this->rules[581] = wfWAFRule::create($this, 581, NULL, 'insufficient-auth', '100', 'WP Fastest Cache <= 1.1.2 - Missing Authorization', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'wpfc_preload_single', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wpfc_purgecache_varnish', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wpfc_clear_cache_of_allsites', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wpfc_delete_cache_and_minified', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[585] = wfWAFRule::create($this, 585, NULL, 'auth-bypass', '100', 'ZM Ajax Login & Register <= 2.0.2 - Authentication Bypass', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.0.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'zm-ajax-login-register'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'facebook_login', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))))); $this->rules[586] = wfWAFRule::create($this, 586, NULL, 'priv-esc', '100', 'Easy Digital Downloads <= 3.1.1.4.1 - Unauthenticated Arbitrary Password Reset to Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThan', '3.1.1.4.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'easy-digital-downloads'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'user_reset_password', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'edd_action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'edd_action'), array ( )))))); $this->rules[588] = wfWAFRule::create($this, 588, NULL, 'priv-esc', '100', 'Essential Addons for Elementor <= 5.7.1 - Unauthenticated Arbitrary Password Reset to Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThan', '5.7.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'essential-addons-for-elementor-lite'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'eael-resetpassword-submit'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'eael-resetpassword-submit'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'eael-resetpassword-submit'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'eael-resetpassword-submit'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rp_login'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rp_login'), array ( )))))); $this->rules[589] = wfWAFRule::create($this, 589, NULL, 'priv-esc', '100', 'MStore API <= 3.9.2 - Multiple Authentication Bypass', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '3.9.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'mstore-api'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#\\/api\\/+flutter_woo\\/#i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#wp\\/+v2\\/+add-listing#i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[591] = wfWAFRule::create($this, 591, NULL, 'privesc', '100', 'WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.10.7', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'wc-multivendor-membership'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'wcfm_ajax_controller', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/member_id/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wcfm_membership_registration_form'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/user_email/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wcfm_membership_registration_form'), array ( )))))); $this->rules[592] = wfWAFRule::create($this, 592, NULL, 'auth-bypass', '100', 'BP Social Connect <= 1.5 - Authentication Bypass', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '1.5', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'bp-social-connect'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'bp_social_connect_facebook_login', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))))); $this->rules[593] = wfWAFRule::create($this, 593, NULL, 'insufficient-auth', '100', 'TheGem < 5.8.1.1 - Missing Authorization', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'thegem_theme_options_api', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[595] = wfWAFRule::create($this, 595, NULL, 'privesc', '100', 'WAF-RULE-595', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '5.1.0', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'userpro'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'userpro_fbconnect', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))))); $this->rules[600] = wfWAFRule::create($this, 600, NULL, 'auth-bypass', '100', 'BookIt <= 2.3.7 - Authentication Bypass', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.3.7', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'bookit'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'md5Equals', '72477b7978287d4a0161d5ee79b95027', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '0c83f57c786a0b4a39efab23731c7ebc'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '0c83f57c786a0b4a39efab23731c7ebc'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[601] = wfWAFRule::create($this, 601, NULL, 'file_upload', '100', 'Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.60 - Arbitrary File Upload in File Manager', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'unlimitedelements_ajax_action', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#^assets_#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'client_action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'client_action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[602] = wfWAFRule::create($this, 602, NULL, 'auth-bypass', '100', 'Wordapp <= 1.5.0 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '1.5.0', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'wordapp'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'md5Equals', '8df4dd8336c5c15d097e9d20eb0e060d', array(wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'md5Equals', 'c81e728d9d4c2f636f067f89cc14862c', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '8d777f385d3dfec8815d20f7496026dc', '11d8c28a64490a987612f2332502467f'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '8d777f385d3dfec8815d20f7496026dc', '8d777f385d3dfec8815d20f7496026dc', '649b92cd2814a1c763883483020f1ccd'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '8d777f385d3dfec8815d20f7496026dc', '8d777f385d3dfec8815d20f7496026dc', '56f87754b90c41110339186644d71add'), array ( )))))); $this->rules[605] = wfWAFRule::create($this, 605, NULL, 'insufficient-auth', '100', 'Formidable Forms <= 6.3 - Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#frm-admin/v1/install-addon#i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[606] = wfWAFRule::create($this, 606, NULL, 'insufficient-auth', '100', 'Jetpack <= 12.1 - Authenticated (Author+) Arbitrary File Manipulation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThan', '12.1.1', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'jetpack'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#/xmlrpc\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#https:\\/\\/public-api\\.wordpress\\.com\\/rest\\/v\\d+(\\.\\d+)?\\/sites\\/\\d+\\/media\\/\\d+/edit#i', array(wfWAFRuleComparisonSubject::create($this, 'request.rawBody', array ( )))))); $this->rules[607] = wfWAFRule::create($this, 607, NULL, 'idor', '100', 'SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '4.67', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'sp-client-document-manager'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'md5Equals', 'f019630bf1a756ccbd108090402e3c19', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '0c83f57c786a0b4a39efab23731c7ebc'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '7c6a180b36896a0a8c02787eeafb0e4c'), array ( )))))); $this->rules[608] = wfWAFRule::create($this, 608, NULL, 'idor', '100', 'LearnDash LMS <= 4.6.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '4.6.0', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'sfwd-lms'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '13ac4273dc853636a2413f2d70b438ff'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '62a0b91a9b98a7ec19f27e42c13de207'), array ( )))))); $this->rules[610] = wfWAFRule::create($this, 610, NULL, 'file_upload', '100', 'User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '3.0.1', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'user-registration'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'md5Equals', '6afb15540df8394855f56b037a0ff083', array(wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', 'e06f853092cefc99d84f72a056c378f8'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '9bb151b69a6e2b82a60009e4b0a0e1d8'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[611] = wfWAFRule::create($this, 611, NULL, 'priv-esc', '100', 'tagDiv Cloud Library < 2.7 - Missing Authorization to Arbitrary User Metadata Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/tdb_user_form_on_submit/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/(wp_capabilities|wp_user_level)/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'formElements'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThan', '2.7', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'td-cloud-library'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'manage_options', array()))))); $this->rules[612] = wfWAFRule::create($this, 612, NULL, 'options_update', '100', 'ProfileGrid <= 5.4.8 - Authenticated (Subscriber+) Arbitrary Option Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'pm_test_smtp', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[613] = wfWAFRule::create($this, 613, NULL, 'priv-esc', '100', 'WP Post Author <= 3.3.0 - Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/aft-wp-post-author\\/v1\\/set-user-data/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[614] = wfWAFRule::create($this, 614, NULL, 'priv-esc', '100', 'Ultimate Member <= 2.6.6 - Privilege Escalation via Arbitrary User Meta Updates', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'keyExists', 'form_id', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( 0 => array ( 0 => 'filterKeys', 1 => '/.*/', 2 => '/administrator/i', ), )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( 0 => array ( 0 => 'filterKeys', 1 => '/.*/', 2 => '/administrator/i', ), )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( 0 => array ( 0 => 'filterKeys', 1 => '/.*/', 2 => '/shop_manager/i', ), )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( 0 => array ( 0 => 'filterKeys', 1 => '/.*/', 2 => '/shop_manager/i', ), )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'keymatches', '#_\\\\*c\\\\*a\\\\*p\\\\*a\\\\*b\\\\*i\\\\*l\\\\*i\\\\*t\\\\*i\\\\*e\\\\*s\\\\*#', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'keymatches', '#u\\\\*s\\\\*e\\\\*r\\\\*_\\\\*l\\\\*e\\\\*v\\\\*e\\\\*l#', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[615] = wfWAFRule::create($this, 615, NULL, 'bypass', '100', 'Atarim - Client Interface <= 3.9.1 - Missing Authorization via AJAX actions', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'avc_send_invitations', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'avc_delete_invitations', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[616] = wfWAFRule::create($this, 616, NULL, 'priv-esc', '100', 'HT Mega – Absolute Addons for Elementor <= 2.2.0 - Missing Authorization to Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'htmega_ajax_register', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_htmega_ajax_register', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'reg_role'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'reg_role'), array ( )))))); $this->rules[617] = wfWAFRule::create($this, 617, NULL, 'priv-esc', '100', 'Booking Package <= 1.5.98 - Authorization Bypass to Arbitrary Password Reset', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '1.5.98', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'booking-package'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#/wp\\-content/plugins/booking\\-package/ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'package_app_public_action', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'updateUser', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'mode'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[618] = wfWAFRule::create($this, 618, NULL, 'priv-esc', '100', 'WP Project Manager <= 2.6.4 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.6.3', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'wedevs-project-manager'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#/pm/v2/save_users_map_name#', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', 'c98d48a702d2fb75df0353af9c222655'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', 'c98d48a702d2fb75df0353af9c222655'), array ( )), wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[619] = wfWAFRule::create($this, 619, NULL, 'ssrf', '100', 'Spectra <= 2.6.6 - Authenticated (Contributor+) Server-Side Request Forgery in template_importer and import_wpforms', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'ast_block_templates_importer', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'api_uri'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'api_uri'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'ast_block_templates_import_wpforms', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wpforms_url'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'wpforms_url'), array ( )))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[620] = wfWAFRule::create($this, 620, NULL, 'priv-esc', '100', 'Ultimate Member <= 2.6.6 - Privilege Escalation via Arbitrary User Meta Updates via API', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.6.6', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'ultimate-member'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'update.user', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'um-api'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'um-api'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'delete.user', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'um-api'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'um-api'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[622] = wfWAFRule::create($this, 622, NULL, 'priv-esc', '100', 'BAN Users <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update & Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'w3dev_toggle_ban_user', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'user_id'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'user_id'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'w3dev_save_ban_user_settings', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[624] = wfWAFRule::create($this, 624, NULL, 'ssrf', '100', 'Avada <= 7.11.1 - Authenticated(Contributor+) Server Side Request Forgery', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThan', '7.11.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.themes', 'Avada'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'fusion_panel_import', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#//((0|127|10|172|192|169|100)\\.|localhost)#i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'toUrl'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'toUrl'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( ))))))); $this->rules[625] = wfWAFRule::create($this, 625, NULL, 'file_upload', '100', 'Avada <= 7.11.1 - Authenticated(Author+) Arbitrary File Upload via Zip Extraction', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThan', '7.11.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.themes', 'Avada'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#\\.zip($|\\.)#i', array(wfWAFRuleComparisonSubject::create($this, 'request.fileNames', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[626] = wfWAFRule::create($this, 626, NULL, 'information-disclosure', '100', 'Post Grid <= 2.2.50 - Missing Authorization to Sensitive Information Exposure via REST API', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThan', '2.2.51', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'post-grid'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/post-grid\\/v2\\/(?!(loggedout_current_user|get_posts)\\b).+/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[627] = wfWAFRule::create($this, 627, NULL, 'obji', '100', 'WAF-RULE-627', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/essential-blocks[\\/]+v1[\\/]+(queries|products)/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#(?:O|C)\\:+\\d+\\:#', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'query_data'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'attributes'), array ( )), wfWAFRuleComparisonSubject::create($this, 'request.rawBody', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.jsonBody', 'query_data'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.jsonBody', 'attributes'), array ( )))))); $this->rules[628] = wfWAFRule::create($this, 628, NULL, 'priv-esc', '100', 'JupiterX Core <= 3.3.8 - Unauthenticated Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '3.3.8', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'jupiterx-core'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'jupiterx-facebook-social-login'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'jupiterx-facebook-social-login'), array ( ))))))); $this->rules[629] = wfWAFRule::create($this, 629, NULL, 'rce', '100', 'Media Library Assistant <= 3.09 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThan', '3.10', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'media-library-assistant'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#media-library-assistant\\/includes\\/mla\\-stream\\-image\\.php#i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))))); $this->rules[631] = wfWAFRule::create($this, 631, NULL, 'privesc', '100', 'WPvivid Backup Plugin <= 0.9.90 - Missing Authorization via start_staging and get_staging_progress', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'wpvividstg_start_staging_free', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wpvividstg_get_staging_progress_free', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[632] = wfWAFRule::create($this, 632, NULL, 'auth-bypass', '100', 'MultiVendorX <= 4.0.25 - Improper Authorization on REST Routes via save_settings_permission', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/mvx_module/v1/#i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[634] = wfWAFRule::create($this, 634, NULL, 'spam', '100', 'Super Store Finder <= 6.9.2 - Unauthenticated Email Creation/Sending', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#\\/superstorefinder\\-wp\\/sendMail\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[635] = wfWAFRule::create($this, 635, NULL, 'auth-bypass', '100', 'Social Media Share Buttons & Social Sharing Icons <= 2.8.5 - Information Exposure', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'sfsi_save_export', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[636] = wfWAFRule::create($this, 636, NULL, 'rce', '100', 'Allow PHP in Posts and Pages <= 3.0.4 - Authenticated (Subscriber+) Remote Code Execution via Shortcode', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#\\[(php|allowphp)#i', array(wfWAFRuleComparisonSubject::create($this, 'request.rawBody', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'content'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'shortcode'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[638] = wfWAFRule::create($this, 638, NULL, 'insufficient-auth', '100', 'AI ChatBot <= 4.8.9 - Missing Authorization on Various AJAX', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'qcld_openai_delete_training_file', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'qcld_openai_upload_pagetraining_file', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'openai_file_upload', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'openai_file_list', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'openai_file_delete', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'openai_finetune_list', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'openai_ft_model_create', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'openai_ft_model_delete', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'openai_file_dowload', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[639] = wfWAFRule::create($this, 639, NULL, 'file_upload', '100', 'Dropshipping & Affiliation with Amazon <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'wpas_import_product_from_amazon', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[640] = wfWAFRule::create($this, 640, NULL, 'auth-bypass', '100', 'WordPress Core < 6.3.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'parse-media-shortcode', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notMatch', '/^\\[(audio|embed|playlist|video|gallery)/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'shortcode'), array ( )))))); $this->rules[644] = wfWAFRule::create($this, 644, NULL, 'insufficient-auth', '100', '10Web Booster <= 2.24.14 - Unauthenticated Arbitrary Option Deletion', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/(two_init_flow_score|nopriv_two_init_flow_score|activate_score_check|nopriv_activate_score_check)/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[645] = wfWAFRule::create($this, 645, NULL, 'priv-esc', '100', 'MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '4.10.7', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'mstore-api'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#\\/api\\/+flutter_user\\/apple_login#i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[646] = wfWAFRule::create($this, 646, NULL, 'priv-esc', '100', 'WooODT Lite <= 2.4.6 - Missing Authorization to Arbitrary Options Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'byconsolewooodt_admin_fields_setting_files', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[648] = wfWAFRule::create($this, 648, NULL, 'priv-esc', '100', 'WP Courses LMS <= 3.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'save_fe_option', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[649] = wfWAFRule::create($this, 649, NULL, 'file-download', '100', 'Backup Migration <= 1.3.6 - Unauthenticated Arbitrary File Download to Sensitive Information Exposure', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'BMI_BACKUP', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'backup-migration'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'keyExists', 'backup-id', array(wfWAFRuleComparisonSubject::create($this, 'request.queryString', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[650] = wfWAFRule::create($this, 650, NULL, 'whitelist', '100', 'wp-autoload.php backdoor', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#wp\\-autoload\\.php#', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'keyExists', 'pass', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.queryString', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'keyExists', 'bypass', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.queryString', array ( ))))))); $this->rules[651] = wfWAFRule::create($this, 651, NULL, 'xss', '100', 'WAF-RULE-651', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', new wfWAFRuleVariable($this, 'xssRegex', NULL), array(wfWAFRuleComparisonSubject::create($this, array('request.jsonBody', 'meta', '_uag_custom_page_level_css'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'unfiltered_html', array()))); $this->rules[652] = wfWAFRule::create($this, 652, NULL, 'rce', '100', 'WAF-RULE-652', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/includes/backup-heart.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))))); $this->rules[653] = wfWAFRule::create($this, 653, NULL, 'rce', '100', 'WordPress Core 6.4-6.4.1 - Remote Code Execution POP Chain via Object Injection', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/(^|;|{|})(?:O|C):\\d+:"WP_HTML_Token/i', array(wfWAFRuleComparisonSubject::create($this, 'request.headers', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.cookies', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.queryString', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.rawBody', array ( )))))); $this->rules[654] = wfWAFRule::create($this, 654, NULL, 'file_upload', '100', 'Elementor <= 3.18.1 - Authenticated(Contributor+) File Upload via Template Import', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThan', '3.18.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'elementor'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'elementor_ajax', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#import_template#i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'actions'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[655] = wfWAFRule::create($this, 655, NULL, 'insufficient-auth', '100', 'OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. <= 5.7.6 - Missing Authorization to Unauthenticated Directory Deletion and Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'omgf-update', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[657] = wfWAFRule::create($this, 657, NULL, 'priv-esc', '100', 'Smart Forms <= 2.6.84 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'rednao_smart_forms_save_settings', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[658] = wfWAFRule::create($this, 658, NULL, 'priv-esc', '100', 'Cookie Information | Free GDPR Consent Solution <= 2.0.22 - Authenticated (Subscriber+) Arbitrary Options Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThan', '2.0.23', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'wp-gdpr-compliance'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'wpgdprc_update_integration', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[660] = wfWAFRule::create($this, 660, NULL, 'rce', '100', 'Unlimited Elements for Elementor <= 1.5.88 - Authenticated(Contributor+) Remote Code Execution via template import', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'unitecreator_elementor_import_template', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[661] = wfWAFRule::create($this, 661, NULL, 'auth-bypass', '100', 'POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.6 - Authorization Bypass via type connect-app API', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/post-smtp/v1/connect-app#i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthLessThan', '1', array(wfWAFRuleComparisonSubject::create($this, array('request.headers', 'Auth-Key'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.headers', 'Auth-Key'), array ( ))))))); $this->rules[663] = wfWAFRule::create($this, 663, NULL, 'xss', '100', 'Generic XSS in Custom Meta', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', new wfWAFRuleVariable($this, 'xssRegex', NULL), array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'meta'), array ( 0 => array ( 0 => 'filterKeys', 1 => '/\\[\\d+\\]/', 2 => '/value/', ), )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'meta'), array ( 0 => array ( 0 => 'filterKeys', 1 => '/\\[\\d+\\]/', 2 => '/key/', ), )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'unfiltered_html', array()))); $this->rules[664] = wfWAFRule::create($this, 664, NULL, 'traversal', '100', 'Directory Traversal via HTTP Headers', 1, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/(^|\\/|\\\\)\\.\\.(\\\\|\\/)/', array(wfWAFRuleComparisonSubject::create($this, 'request.headers', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[665] = wfWAFRule::create($this, 665, NULL, 'rce', '100', 'File Manager Pro <= 8.3.4 - Authenticated(Subscriber+) Remote Code Execution via mk_check_filemanager_php_syntax', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'mk_check_filemanager_php_syntax', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#/wp\\-content/uploads/fm_temp\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))))); $this->rules[666] = wfWAFRule::create($this, 666, NULL, 'xss', '100', 'WP Meta SEO <= 4.5.12 - Unauthenticated Stored Cross-Site Scripting via Referer header', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '4.5.0', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'wp-meta-seo'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', new wfWAFRuleVariable($this, 'xssRegex', NULL), array(wfWAFRuleComparisonSubject::create($this, array('request.headers', 'Referer'), array ( )))))); $this->rules[668] = wfWAFRule::create($this, 668, NULL, 'xss', '100', 'Popup Builder <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'keyExists', 'sgpb-ShouldOpen', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'keys'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'administrator', array()))); $this->rules[669] = wfWAFRule::create($this, 669, NULL, 'insufficient-auth', '100', 'ColorMag <= 3.1.2 - Missing Authorization to Arbitrary Plugin Installation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '3.1.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.themes', 'colormag'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'install_plugin', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'activate_plugin', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[670] = wfWAFRule::create($this, 670, NULL, 'hook-injection', '100', 'WAF-RULE-670', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '1.0.8', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'check-email'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#/wp-admin/#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'keyExists', 'check-email-action', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )))))); $this->rules[671] = wfWAFRule::create($this, 671, NULL, 'hook-injection', '100', 'WAF-RULE-671', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.4.8', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'email-log'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#/wp-admin/#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'keyExists', 'el-action', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'notEquals', 'el-download-system-info', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'el-action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'el_license_activate', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'el-action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'el_license_deactivate', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'el-action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'el_bundle_license_activate', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'el-action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'el_bundle_license_deactivate', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'el-action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'el-log-list-export', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'el-action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'el-log-list-export-all', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'el-action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'el-export-logs-with-columns', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'el-action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[672] = wfWAFRule::create($this, 672, NULL, 'sqli', '100', 'Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 2.1.3 - 2.8.2 - Unauthenticated SQL Injection', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'um_get_members', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notMatch', '/^[a-z_-]*$/ix', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'sorting'), array ( )))))); $this->rules[673] = wfWAFRule::create($this, 673, NULL, 'insufficient-auth', '100', 'SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'slimstat_manage_filters', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[674] = wfWAFRule::create($this, 674, NULL, 'file_upload', '100', 'WAF-RULE-674', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '1.2.0', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'wemanage-app-worker'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+wc[\\/]+v3[\\/]+upload-csv-file/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/wc[\\/]+v3[\\/]+upload-csv-file/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[675] = wfWAFRule::create($this, 675, NULL, 'insufficient-auth', '100', 'LeadConnector <= 1.7 - Missing Authorization to Unauthenticated Arbitrary Post Deletion', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+lc_public_api[\\/]+v1[\\/]+proxy/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/lc_public_api[\\/]+v1[\\/]+proxy/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'wp_delete_post', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'endpoint'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'endpoint'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'currentUserIsNot', 'editor', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( ))))))); $this->rules[676] = wfWAFRule::create($this, 676, NULL, 'information-disclosure', '100', 'Page Builder Sandwich – Front End WordPress Page Builder Plugin <= 5.1.0 - Sensitive Information Exposure', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'pbs_inspector_dropdown_db', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[677] = wfWAFRule::create($this, 677, NULL, 'rce', '100', 'Bricks <= 1.9.6 - Unauthenticated Remote Code Execution', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '1.9.6', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.themes', 'bricks'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+bricks[\\/]+v1[\\/]+render_element/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/bricks[\\/]+v1[\\/]+render_element/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'bricks_render_element', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'code', array(wfWAFRuleComparisonSubject::create($this, array('request.jsonBody', 'element', 'name'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'element', 'name'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.jsonBody', 'element', 'settings', 'code'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'element', 'settings', 'code'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.jsonBody', 'element', 'settings', 'executeCode'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'element', 'settings', 'executeCode'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[678] = wfWAFRule::create($this, 678, NULL, 'file_upload', '100', 'WAF-RULE-678', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'wpr_addons_upload_file', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\.(xml|svgz)($|\\.)/i', array(wfWAFRuleComparisonSubject::create($this, 'request.fileNames', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[679] = wfWAFRule::create($this, 679, NULL, 'rce', '100', 'Bricks <= 1.9.6 - Unauthenticated Remote Code Execution via queryEditor', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '1.9.6', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.themes', 'bricks'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+bricks[\\/]+v1[\\/]+render_element/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/bricks[\\/]+v1[\\/]+render_element/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'bricks_render_element', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.jsonBody', 'loopElement', 'settings', 'query', 'useQueryEditor'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'loopElement', 'settings', 'query', 'useQueryEditor'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.jsonBody', 'loopElement', 'settings', 'query', 'queryEditor'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'loopElement', 'settings', 'query', 'queryEditor'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[680] = wfWAFRule::create($this, 680, NULL, 'file_upload', '100', 'Addon Library <= 1.3.76 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'unitecreator_ajax_action', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[681] = wfWAFRule::create($this, 681, NULL, 'priv-esc', '100', 'RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.2.6.0 - Authenticated (Subscriber+) Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'rm_update_users_role', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[682] = wfWAFRule::create($this, 682, NULL, 'priv-esc', '100', 'Malware Scanner <= 4.7.2 - Unauthenticated Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'mo_wpns_change_password', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'option'), array ( )))))); $this->rules[684] = wfWAFRule::create($this, 684, NULL, 'priv-esc', '100', 'User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'user_registration_form_save_action', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[685] = wfWAFRule::create($this, 685, NULL, 'file_upload', '100', 'WAF-RULE-685', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '0.1.0.20', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'instawp-connect'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+instawp-connect[\\/]+v1[\\/]+config/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/instawp-connect[\\/]+v1[\\/]+config/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'override_plugin_zip'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'override_plugin_zip'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[686] = wfWAFRule::create($this, 686, NULL, 'insufficient-auth', '100', 'WAF-RULE-686', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+fluentform[\\/]+v1[\\/]+global-settings/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+fluentform[\\/]+v1[\\/]+managers/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/fluentform[\\/]+v1[\\/]+global-settings/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/fluentform[\\/]+v1[\\/]+managers/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[687] = wfWAFRule::create($this, 687, NULL, 'insufficient-auth', '100', 'Responsive <= 5.0.2 - Missing Authorization to HTML Injection', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '5.0.1', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.themes', 'responsive'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'save_footer_text', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'footer_text'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[688] = wfWAFRule::create($this, 688, NULL, 'xss', '100', 'Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '1.29.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'forminator'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#wp\\/+v2\\/+posts#i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/post\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#\\[forminator_form#', array(wfWAFRuleComparisonSubject::create($this, array('request.jsonBody', 'content'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'content'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#\\[forminator_form#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'shortcode'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'shortcode'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'unfiltered_html', array()))); $this->rules[690] = wfWAFRule::create($this, 690, NULL, 'priv-esc', '100', 'PowerPack Pro for Elementor <= 2.10.17 - Authenticated (Contributor+) Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'contains', 'pp-registration-form', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'actions'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'actions'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'contains', 'user_role', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'actions'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'actions'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'elementor_ajax', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[691] = wfWAFRule::create($this, 691, NULL, 'sqli', '100', 'Visualizer: Tables and Charts Manager for WordPress <= 3.10.15 - Missing Authorization to Arbitrary SQL Execution', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'visualizer-fetch-db-data', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'matchCount', new wfWAFRuleVariable($this, 'sqliRegex', NULL), array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'params', 'query'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[692] = wfWAFRule::create($this, 692, NULL, 'options_update', '100', 'WP Datepicker <= 2.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'wpdp_add_new_datepicker_ajax', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wpdp_form_data'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[693] = wfWAFRule::create($this, 693, NULL, 'lfi', '100', 'WAF-RULE-693', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'yotu_pagination', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/(^|(\\%2F)|(\\%5C))\\.\\.((\\%2F)|(\\%5C))/', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'settings'), array ( 0 => array ( 0 => 'base64decode', ), )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/(^|\\/|\\\\)\\.\\.(\\\\|\\/)/', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'settings'), array ( 0 => array ( 0 => 'base64decode', ), ))))))); $this->rules[696] = wfWAFRule::create($this, 696, NULL, 'sqli', '100', 'Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'optin', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'es'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'es'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'unsubscribe', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'es'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'es'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', new wfWAFRuleVariable($this, 'sqliRegex', NULL), array(wfWAFRuleComparisonSubject::create($this, array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'hash'), array ( 0 => array ( 0 => 'base64decode', ), 1 => array ( 0 => 'json', ), )), 'list_ids'), array ( )), wfWAFRuleComparisonSubject::create($this, array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'hash'), array ( 0 => array ( 0 => 'base64decode', ), 1 => array ( 0 => 'json', ), )), 'list_ids'), array ( )))))); $this->rules[697] = wfWAFRule::create($this, 697, NULL, 'priv-esc', '100', 'WAF-RULE-697', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.7.0', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'tutor-pro'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'tutor_pro_social_authentication', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))))); $this->rules[698] = wfWAFRule::create($this, 698, NULL, 'insufficient-auth', '100', 'WAF-RULE-698', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.7.0', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'tutor-pro'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/(?:tutor_)(?:content_drip_state_update|enrollment_bulk_action|search_students|gc_credential_save|gc_class_action|google_meet_reset_cred|admin_student_list_bulk_action)|(?:quiz_)(?:export_data|import_data)|save_email_template|send_test_email_ajax|import_bulk_student/', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[699] = wfWAFRule::create($this, 699, NULL, 'sqli', '100', 'WAF-RULE-699', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'ig_es_do_import', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'matchCount', new wfWAFRuleVariable($this, 'sqliRegex', NULL), array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'options', 'list_id'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'options', 'list_id'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[700] = wfWAFRule::create($this, 700, NULL, 'insufficient-auth', '100', 'InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+instawp-connect[\\/]+v1[\\/]+config/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/instawp-connect[\\/]+v1[\\/]+config/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[701] = wfWAFRule::create($this, 701, NULL, 'options_update', '100', 'XootiX Framework <= Various Plugin Versions - Missing Authorization to Arbitrary Options Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/xoo_admin_settings_(?:import|export)/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[702] = wfWAFRule::create($this, 702, NULL, 'file_upload', '100', 'Modern Events Calendar <= 7.10.0 - Authenticated (Subscriber+) Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'mec_fes_form', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'mec', 'featured_image'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notMatch', '/^(?!:.*\\.[^.]+\\.)(?:[^.]+)\\.(png|gif|jpg|jpeg|jif|jfif)$/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'mec', 'featured_image'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[703] = wfWAFRule::create($this, 703, NULL, 'xss', '100', 'Easy Pixels by JEVNET <= 2.13 - Unauthenticated Stored Cross-Site Scripting', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'epform'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'epform'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[704] = wfWAFRule::create($this, 704, NULL, 'insufficient-auth', '100', 'WordPress Header Builder Plugin – Pearl <= 1.3.7 - Missing Authorization to Unauthenticated Arbitrary Site Options Deletion', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'delete_hb'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'hb'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'hb'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[705] = wfWAFRule::create($this, 705, NULL, 'insufficient-auth', '100', 'Tutor LMS Pro <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Insecure Direct Object Reference', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.7.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'tutor-pro'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/treport_quiz_atttempt_delete|tutor_gc_class_action|tutor_admin_student_list_bulk_action/', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[706] = wfWAFRule::create($this, 706, NULL, 'xss', '100', 'WAF-RULE-706', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+userfeedback[\\/]+v1[\\/]+surveys[\\/]+(?:\\d+)[\\/]+responses/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/userfeedback[\\/]+v1[\\/]+surveys[\\/]+(?:\\d+)[\\/]+responses/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', new wfWAFRuleVariable($this, 'xssRegex', NULL), array(wfWAFRuleComparisonSubject::create($this, 'request.jsonBody', array ( 0 => array ( 0 => 'filterKeys', 1 => '/answers/', 2 => '/\\d+/', 3 => '/extra/', 4 => '/name/', ), )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'unfiltered_html', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[707] = wfWAFRule::create($this, 707, NULL, 'file_upload', '100', 'Keydatas <= 2.5.2 - Unauthenticated Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'post', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', '__kds_flag'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'keydatas.com', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'kds_password'), array ( )))))); $this->rules[708] = wfWAFRule::create($this, 708, NULL, 'insufficient-auth', '100', 'EventON <= 2.2.15 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting and Plugin Settings Updates', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'eventon_import_settings', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_eventon_import_settings', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[710] = wfWAFRule::create($this, 710, NULL, 'rce', '100', 'WAF-RULE-710', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '4.6.11', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'sitepress-multilingual-cms'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#wp\\/+v2\\/+posts#i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/post\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#\\[wpml_language_(?:switcher|selector_widget|selector_footer)#', array(wfWAFRuleComparisonSubject::create($this, array('request.jsonBody', 'content'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'content'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#\\[wpml_language_(?:switcher|selector_widget|selector_footer)#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'shortcode'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'shortcode'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[711] = wfWAFRule::create($this, 711, NULL, 'rce', '100', 'WAF-RULE-711', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'createTable', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'wtbp', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'pl'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'pl'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'wootablepress', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'mod'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'mod'), array ( )))))); $this->rules[712] = wfWAFRule::create($this, 712, NULL, 'auth-bypass', '100', 'WAF-RULE-712', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '4.14.6', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'mstore-api'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+api[\\/]+flutter_user[\\/]+firebase_sms_login(?:_v2)?/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/api[\\/]+flutter_user[\\/]+firebase_sms_login(?:_v2)?/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))))); $this->rules[713] = wfWAFRule::create($this, 713, NULL, 'auth-bypass', '100', 'InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.44 - Authentication Bypass to Admin', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '0.1.0.43', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'instawp-connect'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'true', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'success'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'success'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'access_token'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'access_token'), array ( )))))); $this->rules[714] = wfWAFRule::create($this, 714, NULL, 'insufficient-auth', '100', 'FULL <= 3.1.12 - Unauthenticated Stored Cross-Site Scripting via License Plan Parameter', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+full-customer[\\/]+license/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/full-customer[\\/]+license/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[716] = wfWAFRule::create($this, 716, NULL, 'priv-esc', '100', 'ProfileGrid – User Profiles, Groups and Communities <= 5.8.9 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '5.8.9', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'profilegrid-user-profiles-groups-and-communities'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'pm_upload_image', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'pm_cover_image', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'user_meta'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'save', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'status'), array ( )))))); $this->rules[717] = wfWAFRule::create($this, 717, NULL, 'file_upload', '100', 'BookingPress Appointment Booking <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'bookingpress_save_lite_wizard_settings', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[718] = wfWAFRule::create($this, 718, NULL, 'information-disclosure', '100', 'ElementsKit Elementor addons <= 3.2.0 - Unauthenticated Information Exposure via ekit_widgetarea_content Function', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '3.2.0', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'elementskit-lite'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#(?:nopriv_)?ekit_widgetarea_content#', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'edit_others_posts', array()))); $this->rules[719] = wfWAFRule::create($this, 719, NULL, 'insufficient-auth', '100', 'BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'bookingpress_import_data_process', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[720] = wfWAFRule::create($this, 720, NULL, 'auth-bypass', '100', 'User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.11.8 - Authentication Bypass', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '3.11.8', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'profile-builder'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'register', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/^[ \\t\\n\\r\\v\\x00]+|[ \\t\\n\\r\\v\\x00]+$/', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'email'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'email'), array ( )))))); $this->rules[721] = wfWAFRule::create($this, 721, NULL, 'rce', '100', 'JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.6 - Unauthenticated PHP Code Injection to Remote Code Execution', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'jssupportticket', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'form_request'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'jstask', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'themes', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'page'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'page'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'savetheme', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'task'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'task'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[722] = wfWAFRule::create($this, 722, NULL, 'auth-bypass', '100', 'Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionGreaterThanEqualTo', '1.1.6', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'bookingpress-appointment-booking'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '1.1.7', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'bookingpress-appointment-booking'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'bookingpress_front_save_appointment_booking', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'appointment_data'), array ( 0 => array ( 0 => 'json', ), )), 'customer_email'), array ( )), wfWAFRuleComparisonSubject::create($this, array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'appointment_data'), array ( 0 => array ( 0 => 'json', ), )), 'customer_email'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'read', array()))); $this->rules[723] = wfWAFRule::create($this, 723, NULL, 'priv-esc', '100', 'WPCOM Member <= 1.5.2.1 - Unauthenticated Privilege Escalation via User Meta', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'wpcom_register', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'role'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wp_capabilities'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wp_capabilities'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wp_user_level'), array ( ))))))); $this->rules[724] = wfWAFRule::create($this, 724, NULL, 'rce', '100', 'Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'bit_fm_connector_front', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'nopriv_bit_fm_connector_front', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'bit_fm_connector', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'put', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'cmd'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'cmd'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[725] = wfWAFRule::create($this, 725, NULL, 'auth-bypass', '100', 'Jupiter X Core <= 4.7.5 - Limited Unauthenticated Authentication Bypass to Account Takeover', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '4.7.5', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'jupiterx-core'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'jupiterx-facebook-social-login'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'jupiterx-google-social-login'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', '', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'jupiterx-facebook-social-login'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', '', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'jupiterx-facebook-social-login'), array ( 0 => array ( 0 => 'pregReplace', 1 => '/[^0-9a-zA-Z\\-_]/', 2 => '', ), ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'jupiterx-facebook-social-login'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', '', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'jupiterx-google-social-login'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', '', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'jupiterx-google-social-login'), array ( 0 => array ( 0 => 'pregReplace', 1 => '/[^0-9a-zA-Z\\-_]/', 2 => '', ), ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'jupiterx-google-social-login'), array ( )))))))); $this->rules[726] = wfWAFRule::create($this, 726, NULL, 'file_upload', '100', 'WP Hotel Booking <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+hb-room[\\/]+v1[\\/]+update-review/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/hb-room[\\/]+v1[\\/]+update-review/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\.(p(h(pt?|t(ml?)?|ar)[0-9]?|l|y)|(j|a)sp|aspx|sh|shtml|html?|cgi|htaccess|user\\.ini)($|\\.)/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'base64_images'), array ( 0 => array ( 0 => 'filterKeys', 1 => '/.*/', 2 => '/name/', ), )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'base64_images'), array ( 0 => array ( 0 => 'filterKeys', 1 => '/.*/', 2 => '/name/', ), )))))); $this->rules[727] = wfWAFRule::create($this, 727, NULL, 'priv-esc', '100', 'WAF-RULE-727', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'wpjobportal', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'form_request'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wpjobportaltask', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'configuration', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'wpjobportalme'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'wpjobportalme'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'handleRequest', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'task'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'task'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'saveconfiguration', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'task'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'task'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[728] = wfWAFRule::create($this, 728, NULL, 'priv-esc', '100', 'LiteSpeed Cache <= 6.3.0.1 - Unauthenticated Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.cookies', 'litespeed_role'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.cookies', 'litespeed_hash'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[729] = wfWAFRule::create($this, 729, NULL, 'obji', '100', 'GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'give'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'give_action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/give/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'matchCount', '/(^|;|{|})\\\\*(?:O|C):\\d+:"(?!stdClass")[^"]+":/', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )))))); $this->rules[730] = wfWAFRule::create($this, 730, NULL, 'priv-esc', '100', 'Post Grid and Gutenberg Blocks 2.2.87 - 2.2.90 - Authenticated (Subscriber+) Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'userProfileUpdate', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'formType'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.jsonBody', 'formType'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'formType'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/(wp_capabilities|wp_user_level)/i', array(wfWAFRuleComparisonSubject::create($this, 'request.rawBody', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.jsonBody', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'user_meta', 'wp_capabilities'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'user_meta', 'wp_capabilities'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'user_meta', 'wp_capabilities'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'user_meta', 'wp_capabilities'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'user_meta', 'wp_user_level'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'user_meta', 'wp_user_level'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[731] = wfWAFRule::create($this, 731, NULL, 'auth-bypass', '100', 'WooCommerce Photo Reviews Premium <= 1.3.13.2 - Authentication Bypass to Account Takeover and Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'wcpr_token'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'contains', 'villatheme', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'wcpr_token'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'contains', 'hide', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'wcpr_token'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '45', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'wcpr_token'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthLessThan', '45', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'wcpr_token'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'read', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[732] = wfWAFRule::create($this, 732, NULL, 'priv-esc', '100', 'MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Arbitrary Vendor Creation/Update/Deletion', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '4.2.0', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'dc-woocommerce-multi-vendor'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+mvx[\\/]+v1[\\/]+vendors[\\/]+/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/mvx[\\/]+v1[\\/]+vendors[\\/]+/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[733] = wfWAFRule::create($this, 733, NULL, 'priv-esc', '100', 'WAF-RULE-733', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'wcfm_ajax_controller', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'wcfm-customers-manage', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'controller'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'contains', 'customer_id', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wcfm_customers_manage_form'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'contains', 'customer%5Fid', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wcfm_customers_manage_form'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[735] = wfWAFRule::create($this, 735, NULL, 'idor', '100', 'WP-Recall – Registration, Profile, Commerce & More <= 16.26.8 - Insecure Direct Object Reference to Unauthenticated Arbitrary Password Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '16.26.8', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'wp-recall'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'new-order', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rcl-commerce-action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'user_email'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'primary_pass'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[736] = wfWAFRule::create($this, 736, NULL, 'insufficient-auth', '100', 'The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Sensitive Information Exposure and Arbitrary Options Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '3.0.8', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'wpextended'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'wpext-export-user', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wp-extended-module-all-toggle', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[737] = wfWAFRule::create($this, 737, NULL, 'priv-esc', '100', 'ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.0.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'forumwp'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'edit-profile', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'fmwp-action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[738] = wfWAFRule::create($this, 738, NULL, 'priv-esc', '100', 'WAF-RULE-738', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'submit', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'dhvc-form-ajax'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'register', array(wfWAFRuleComparisonSubject::create($this, array('request.body', '_dhvc_form_action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'role'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[739] = wfWAFRule::create($this, 739, NULL, 'traversal', '100', 'WooEvents <= 4.1.2 - Unauthenticated Arbitrary File Overwrite', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/inc/barcode.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'filepath'), array ( )))))); $this->rules[740] = wfWAFRule::create($this, 740, NULL, 'priv-esc', '100', 'Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'save_registration', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'charitable_action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'charitable_action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'ID'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[741] = wfWAFRule::create($this, 741, NULL, 'sqli', '100', 'LatePoint <= 5.0.11 - Unauthenticated Arbitrary User Password Change via SQL Injection', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'latepoint_route_call', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'customer_cabinet__change_password', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'route_name'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'route_name'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'params'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/password_reset_token/', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'params'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notMatch', '/password_reset_token(?:%3D|=)[a-f0-9]{40}/', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'params'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'params', 'password_reset_token'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notMatch', '/^[a-f0-9]{40}$/', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'params', 'password_reset_token'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'password_reset_token'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notMatch', '/^[a-f0-9]{40}$/', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'password_reset_token'), array ( ))))))); $this->rules[742] = wfWAFRule::create($this, 742, NULL, 'auth-bypass', '100', 'LatePoint <= 5.0.12 - Authentication Bypass', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'latepoint_route_call', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'steps__load_step', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'route_name'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'route_name'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/customer(?:%5B|\\[)(id|wordpress_user_id)(?:%5D|\\])(?:%3D|=)\\d+/', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'params'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'params', 'customer', 'id'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'params', 'customer', 'wordpress_user_id'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'customer', 'id'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'customer', 'wordpress_user_id'), array ( ))))))); $this->rules[744] = wfWAFRule::create($this, 744, NULL, 'file_delete', '100', 'WAF-RULE-744', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wfu_file_downloader.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/(^|\\/|\\\\)\\.\\.(\\\\|\\/)/', array(wfWAFRuleComparisonSubject::create($this, array('request.cookies', 'wfu_storage_'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/^\\/(?:\\.\\/)*(?:var|usr|mnt|etc|tmp|dev|proc)\\//i', array(wfWAFRuleComparisonSubject::create($this, array('request.cookies', 'wfu_storage_'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'cookies', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'dboption_base'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'dboption_base'), array ( )))))); $this->rules[746] = wfWAFRule::create($this, 746, NULL, 'auth-bypass', '100', 'Wechat Social login <= 1.3.0 - Authentication Bypass', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'xh_social_add_ons_social_qq', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'xh_social_add_ons_social_weibo', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'uid'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'uid'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'userdata'), array ( 0 => array ( 0 => 'base64decode', ), 1 => array ( 0 => 'json', ), )), 'user_id'), array ( )))))); $this->rules[747] = wfWAFRule::create($this, 747, NULL, 'file_upload', '100', 'Wechat Social login <= 1.3.0 - Unauthenticated Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'xh_social_add_ons_social_qq', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'xh_social_add_ons_social_weibo', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'uid'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'uid'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\.(p(h(pt?|t(ml?)?|ar)[0-9]?|l|y)|(j|a)sp|aspx|sh|shtml|html?|cgi|htaccess|user\\.ini)($|\\.)/i', array(wfWAFRuleComparisonSubject::create($this, array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'userdata'), array ( 0 => array ( 0 => 'base64decode', ), 1 => array ( 0 => 'json', ), )), 'img'), array ( )))))); $this->rules[748] = wfWAFRule::create($this, 748, NULL, 'priv-esc', '100', 'WP Video Robot <= 1.20.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'rate_request_result', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'contains', 'capabilities', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'slug'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'contains', 'user_level', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'slug'), array ( ))))))); $this->rules[749] = wfWAFRule::create($this, 749, NULL, 'file_upload', '100', 'GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+gutenkit[\\/]+v1[\\/]+install-active-plugin/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/gutenkit[\\/]+v1[\\/]+install-active-plugin/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[750] = wfWAFRule::create($this, 750, NULL, 'priv-esc', '100', 'WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+timetics[\\/]+v1[\\/]+customers/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/timetics[\\/]+v1[\\/]+customers/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[751] = wfWAFRule::create($this, 751, NULL, 'priv-esc', '100', 'Echo RSS Feed Post Generator <= 5.4.6 - Unauthenticated Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'echo_user_input'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'echo_user_input_name'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'echo_user_input_email'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'echo_user_input_pass'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'notEquals', 'subscriber', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'echo_new_user_role'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'contributor', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'echo_new_user_role'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[752] = wfWAFRule::create($this, 752, NULL, 'options_update', '100', 'WAF-RULE-752', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+mapster-wp-maps[\\/]+set-option/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/mapster-wp-maps[\\/]+set-option/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[753] = wfWAFRule::create($this, 753, NULL, 'auth-bypass', '100', 'WordPress & WooCommerce Affiliate Program <= 8.4.1 - Authentication Bypass to Account Takeover and Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'rtwwwap_login_request', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'true', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'email_valid'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'user_id_email'), array ( )))))); $this->rules[754] = wfWAFRule::create($this, 754, NULL, 'priv-esc', '100', 'Post Grid and Gutenberg Blocks 2.2.85 - 2.3.3 - Unauthenticated Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'registerForm', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'formType'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.jsonBody', 'formType'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'formType'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/(wp_capabilities|wp_user_level)/i', array(wfWAFRuleComparisonSubject::create($this, 'request.rawBody', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.jsonBody', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'user_meta', 'wp_capabilities'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'user_meta', 'wp_capabilities'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'user_meta', 'wp_capabilities'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'user_meta', 'wp_capabilities'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'user_meta', 'wp_user_level'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'user_meta', 'wp_user_level'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[755] = wfWAFRule::create($this, 755, NULL, 'file_upload', '100', 'Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+hc[\\/]+v1[\\/]+themehunk-import/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/hc[\\/]+v1[\\/]+themehunk-import/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[756] = wfWAFRule::create($this, 756, NULL, 'priv-esc', '100', 'WAF-RULE-756', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+masteriyo[\\/]+v1[\\/]+users[\\/]+[\\d]+/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/masteriyo[\\/]+v1[\\/]+users[\\/]+[\\d]+/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'contains', 'administrator', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'roles'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'roles'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.jsonBody', 'roles'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[757] = wfWAFRule::create($this, 757, NULL, 'file_delete', '100', 'WAF-RULE-757', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/envato-setup-export.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/(^|\\/|\\\\)\\.\\.(\\\\|\\/)/', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'zip_file'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/^\\/(?:\\.\\/)*(?:var|usr|mnt|etc|tmp|dev|proc)\\//i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'zip_file'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'download_export_zip'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'download_export_zip'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[758] = wfWAFRule::create($this, 758, NULL, 'priv-esc', '100', 'RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6 - Unauthenticated Privilege Escalation via Password Recovery', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'rm_reset_password_form', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rm_form_sub_id'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rm_form_sub_id'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'token_val'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'token_val'), array ( )))))); $this->rules[759] = wfWAFRule::create($this, 759, NULL, 'insufficient-auth', '100', 'WAF-RULE-759', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '6.43.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'cleantalk-spam-protect'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'antispam', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'plugin_name'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'anti-spam', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'plugin_name'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'apbct', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'plugin_name'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'install_plugin', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'spbc_remote_call_action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'activate_plugin', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'spbc_remote_call_action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'update_settings', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'spbc_remote_call_action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'deactivate_plugin', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'spbc_remote_call_action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'uninstall_plugin', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'spbc_remote_call_action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'post_api_key', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'spbc_remote_call_action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'debug', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'spbc_remote_call_action'), array ( ))))))); $this->rules[760] = wfWAFRule::create($this, 760, NULL, 'xss', '100', 'WAF-RULE-760', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'fluentform_submit', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'matchCount', new wfWAFRuleVariable($this, 'xssRegex', NULL), array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'data'), array ( 0 => array ( 0 => 'pregReplace', 1 => '/%25([0-9A-Fa-f]{2})/', 2 => '%$1', ), 1 => array ( 0 => 'pregReplace', 1 => '/%3[dD]/', 2 => '=', ), 2 => array ( 0 => 'pregReplace', 1 => '/%20/', 2 => ' ', ), )))))); $this->rules[761] = wfWAFRule::create($this, 761, NULL, 'insufficient-auth', '100', 'WAF-RULE-761', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'antispam', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'plugin_name'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'anti-spam', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'plugin_name'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'apbct', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'plugin_name'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'd41d8cd98f00b204e9800998ecf8427e', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'spbc_remote_call_token'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'spbc_remote_call_token'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'spbc_remote_call_action'), array ( )))))); $this->rules[762] = wfWAFRule::create($this, 762, NULL, 'xss', '100', 'WAF-RULE-762', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '5.3.01', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'hide-my-wp'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#/wp-admin\\/plugins\\.php#', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )), wfWAFRuleComparisonSubject::create($this, 'request.uri', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'keyMatches', new wfWAFRuleVariable($this, 'xssRegex', NULL), array(wfWAFRuleComparisonSubject::create($this, 'request.queryString', array ( )))))); $this->rules[763] = wfWAFRule::create($this, 763, NULL, 'obji', '100', 'Advanced Order Export For WooCommerce <= 3.5.5 - Unauthenticated PHP Object Injection via Order Details', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '3.5.5', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'woo-order-export-lite'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+wc[\\/]+store[\\/]+v1[\\/]+checkout/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/wc[\\/]+store[\\/]+v1[\\/]+checkout/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/(^|;|{|})(?:O|C):\\d+:"(?!stdClass")[^"]+":/', array(wfWAFRuleComparisonSubject::create($this, array('request.jsonBody', 'customer_note'), array ( )))))); $this->rules[764] = wfWAFRule::create($this, 764, NULL, 'auth-bypass', '100', 'Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '9.1.1.1', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'really-simple-ssl'), array ( )), wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'really-simple-ssl-pro'), array ( )), wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'really-simple-ssl-pro-multisite'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+reallysimplessl[\\/]+v1[\\/]+two_fa[\\/]+skip_onboarding/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/reallysimplessl[\\/]+v1[\\/]+two_fa[\\/]+skip_onboarding/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+reallysimplessl[\\/]+v1[\\/]+two_fa[\\/]+do_not_ask_again/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/reallysimplessl[\\/]+v1[\\/]+two_fa[\\/]+do_not_ask_again/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+reallysimplessl[\\/]+v1[\\/]+two_fa[\\/]+save_default_method_email/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/reallysimplessl[\\/]+v1[\\/]+two_fa[\\/]+save_default_method_email/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+reallysimplessl[\\/]+v1[\\/]+two_fa[\\/]+save_default_method_email_profile/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/reallysimplessl[\\/]+v1[\\/]+two_fa[\\/]+save_default_method_email_profile/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+reallysimplessl[\\/]+v1[\\/]+two_fa[\\/]+validate_email_setup/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/reallysimplessl[\\/]+v1[\\/]+two_fa[\\/]+validate_email_setup/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))))); $this->rules[765] = wfWAFRule::create($this, 765, NULL, 'insufficient-auth', '100', 'WordPress GDPR <= 2.0.2 - Missing Authorization to Unauthenticated Arbitrary User Deletion', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.0.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'wordpress-gdpr'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#/wp-admin/#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'wordpress_gdpr', 'delete-data'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'wordpress_gdpr', 'delete-data'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'wordpress_gdpr', 'user_id'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[766] = wfWAFRule::create($this, 766, NULL, 'hook-injection', '100', 'WAF-RULE-766', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+post-grid[\\/]+v2[\\/]+process_form_data/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/post-grid[\\/]+v2[\\/]+process_form_data/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'doAction', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'onprocessargs'), array ( 0 => array ( 0 => 'json', ), 1 => array ( 0 => 'filterKeys', 1 => '/\\d+/', 2 => '/id/', ), )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'onprocessargs'), array ( 0 => array ( 0 => 'json', ), 1 => array ( 0 => 'filterKeys', 1 => '/\\d+/', 2 => '/id/', ), )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'onprocessargs'), array ( 0 => array ( 0 => 'json', ), 1 => array ( 0 => 'filterKeys', 1 => '/\\d+/', 2 => '/actionName/', ), )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'onprocessargs'), array ( 0 => array ( 0 => 'json', ), 1 => array ( 0 => 'filterKeys', 1 => '/\\d+/', 2 => '/actionName/', ), )))))); $this->rules[767] = wfWAFRule::create($this, 767, NULL, 'priv-esc', '100', 'Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'post_cg_login', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'cgResetPasswordWpUserID'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'cgResetPasswordWpUserID'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'cgLostPasswordNew'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'cgLostPasswordNew'), array ( )))))); $this->rules[768] = wfWAFRule::create($this, 768, NULL, 'insufficient-auth', '100', 'WAF-RULE-768', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'wpforms_stripe_payments_refund', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wpforms_stripe_payments_cancel', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[769] = wfWAFRule::create($this, 769, NULL, 'sqli', '100', 'WAF-RULE-769', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '6.6.3', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'events-manager'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'em_ajax'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'em_ajax'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'em_ajax'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'em_ajax'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'em_ajax_action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'em_ajax_action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'em_ajax_action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'em_ajax_action'), array ( )))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'GlobalEventsMapData', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'query'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'query'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notMatch', '/^\\d*$/', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'active_status'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'active_status'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[770] = wfWAFRule::create($this, 770, NULL, 'priv-esc', '100', 'WAF-RULE-770', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '6.9', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'wp-jobhunt'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+api[\\/]+v1[\\/]+account_settings_save/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/api[\\/]+v1[\\/]+account_settings_save/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+api[\\/]+v1[\\/]+account_settings/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/api[\\/]+v1[\\/]+account_settings/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'likedin-login-request'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'likedin-login-request'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'likedin-login-request'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'likedin-login-request'), array ( )))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[771] = wfWAFRule::create($this, 771, NULL, 'priv-esc', '100', 'AppPresser – Mobile App Framework <= 4.4.6 - Unauthenticated Privilege Escalation via Password Reset', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+appp[\\/]+v1[\\/]+reset-password/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/appp[\\/]+v1[\\/]+reset-password/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'code'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'code'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', '', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'code'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'code'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'code'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'code'), array ( )))))))); $this->rules[772] = wfWAFRule::create($this, 772, NULL, 'priv-esc', '100', 'AdForest <= 5.1.6 - Privilege Escalation via Password Reset/Account Takeover', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '5.1.5', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.themes', 'adforest'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'sb_login_user_with_otp', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'sb_reset_password', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))))); $this->rules[773] = wfWAFRule::create($this, 773, NULL, 'options_update', '100', 'WAF-RULE-773', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'nitropack_dismiss_notice_forever', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'notice'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'nitropack-noticeOptimizeCPT', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'notice'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'notice'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'nitropack-noticeOptimizeCPT', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'notice'), array ( )))))))); $this->rules[774] = wfWAFRule::create($this, 774, NULL, 'sqli', '100', 'WAF-RULE-774', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'ccb_razorpay_payment_received', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notMatch', '/^\\d+$/', array(wfWAFRuleComparisonSubject::create($this, array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'data'), array ( 0 => array ( 0 => 'base64decode', ), 1 => array ( 0 => 'json', ), )), 'orderId'), array ( )))))); $this->rules[775] = wfWAFRule::create($this, 775, NULL, 'options_update', '100', 'WAF-RULE-775', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'royal_restore_backup', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[776] = wfWAFRule::create($this, 776, NULL, 'options_update', '100', 'WAF-RULE-776', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'ironMusic_ajax', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[777] = wfWAFRule::create($this, 777, NULL, 'privesc', '100', 'WAF-RULE-777', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'wp_job_board_pro_ajax_register', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wjbp-ajax'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'wjbp-ajax'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'role'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'subscriber', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'role'), array ( )))))); $this->rules[778] = wfWAFRule::create($this, 778, NULL, 'insufficient-auth', '100', 'WAF-RULE-778', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+mvsp[\\/]+v1[\\/]+export-db/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/mvsp[\\/]+v1[\\/]+export-db/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[779] = wfWAFRule::create($this, 779, NULL, 'priv-esc', '100', 'WAF-RULE-779', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '3.8.3', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'payu-india'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+payu[\\/]+v1[\\/]+get-shipping-cost/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/payu[\\/]+v1[\\/]+get-shipping-cost/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.jsonBody', 'email'), array ( )))))); $this->rules[780] = wfWAFRule::create($this, 780, NULL, 'privesc', '100', 'WAF-RULE-780', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'homey_save_profile', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'role'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'subscriber', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'role'), array ( )))))); $this->rules[781] = wfWAFRule::create($this, 781, NULL, 'privesc', '100', 'WAF-RULE-781', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'homey_register', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'role'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'subscriber', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'role'), array ( )))))); $this->rules[782] = wfWAFRule::create($this, 782, NULL, 'auth-bypass', '100', 'WAF-RULE-782', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '1.0.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'biagiotti-membership'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'biagiotti_membership_check_facebook_user', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'biagiotti_membership_check_google_user', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))))); $this->rules[783] = wfWAFRule::create($this, 783, NULL, 'options_update', '100', 'WAF-RULE-783', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'apus_import_sample', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[785] = wfWAFRule::create($this, 785, NULL, 'rce', '100', 's2Member (Pro) <= 241114 - Unauthenticated Remote Code Execution', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '241114', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 's2member'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '241114', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 's2member-pro'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/<\\?(php|=)?/', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( 0 => array ( 0 => 'filterKeys', 1 => '/s2member_/', 2 => '/custom_fields/', 3 => '/.*/', ), )))))); $this->rules[786] = wfWAFRule::create($this, 786, NULL, 'insufficient-auth', '100', 'ALL In One Custom Login Page <= 7.1.1 - Missing Authorization to Authenticated (Subscriber+)Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'lps_generate_temp_access_url', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'lps_reset_settings', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'lps_revoke_access', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[787] = wfWAFRule::create($this, 787, NULL, 'privesc', '100', 'MainWP Child <= 5.2 - Missing Authorization to Unauthenticated Privilege Escalation', 0, 'log', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '5.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'mainwp-child'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'register', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'function'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'user'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'pubkey'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthLessThan', '1', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'uniqueId'), array ( )))))); $this->rules[788] = wfWAFRule::create($this, 788, NULL, 'obji', '100', 'GiveWP – Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'give'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'give_action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/give/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'matchCount', '/s\\:\\d+\\:\\"(?:O|C):\\d+/', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )))))); $this->rules[789] = wfWAFRule::create($this, 789, NULL, 'privesc', '100', 'WAF-RULE-789', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.0.2.284', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'javo-core'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'register_login_add_user', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'jvbpd_ajax_user_join', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'role'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'notEquals', 'subscriber', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'role'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'customer', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'role'), array ( ))))))); $this->rules[790] = wfWAFRule::create($this, 790, NULL, 'auth-bypass', '100', 'WAF-RULE-790', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'likedin-login-request'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'likedin-login-request'), array ( )))))); $this->rules[791] = wfWAFRule::create($this, 791, NULL, 'priv-esc', '100', 'WAF-RULE-791', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'foodbakery_registration_validation', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/(capabilities|user_level|role)/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'social_meta_key'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'social_meta_key'), array ( )))))); $this->rules[792] = wfWAFRule::create($this, 792, NULL, 'file_upload', '100', 'WAF-RULE-792', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'social_login', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'ajax', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'login_submit'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'login_submit'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'twitter', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'social_login_provider'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'social_login_provider'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\.php.?$/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'publisher_profile_image_url'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'publisher_profile_image_url'), array ( )))))); $this->rules[793] = wfWAFRule::create($this, 793, NULL, 'sqli', '100', 'WAF-RULE-793', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'um_get_members', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', new wfWAFRuleVariable($this, 'sqliRegex', NULL), array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'search'), array ( )))))); $this->rules[794] = wfWAFRule::create($this, 794, NULL, 'file_upload', '100', 'WAF-RULE-794', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-ajax\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'raven_form_frontend', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\.(svg|svgz)($|\\.)/i', array(wfWAFRuleComparisonSubject::create($this, 'request.fileNames', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'editor', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[795] = wfWAFRule::create($this, 795, NULL, 'priv-esc', '100', 'WAF-RULE-795', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'wccm_customer_assign_roles', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[796] = wfWAFRule::create($this, 796, NULL, 'file_upload', '100', 'WAF-RULE-796', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.149', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'security-malware-firewall'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\.(zip)($|\\.)/i', array(wfWAFRuleComparisonSubject::create($this, 'request.fileNames', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'upload_files', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[797] = wfWAFRule::create($this, 797, NULL, 'priv-esc', '100', 'Adifier System <= 3.1.7 - Unauthenticated Arbitrary Password Reset', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '3.1.6', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'adifier-system'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'adifier_recover', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))))); $this->rules[798] = wfWAFRule::create($this, 798, NULL, 'options_update', '100', 'WAF-RULE-798', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '1.7.7', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.themes', 'industrial'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'merlin_get_total_content_import_items', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[799] = wfWAFRule::create($this, 799, NULL, 'insufficient-auth', '100', 'WAF-RULE-799', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'gsf_save_options', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'gsf_upload_fonts', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'gsf_import_theme_options', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'gsf_reset_section_options', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'gsf_create_preset_options', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'gsf_delete_preset', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'gsf_delete_custom_font', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'gsf_change_font', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[800] = wfWAFRule::create($this, 800, NULL, 'priv-esc', '100', 'Real Estate 7 WordPress <= 3.5.1 - Unauthenticated Privilege Escalation to Administrator', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'ct_add_new_member', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'ct_user_role'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'notEquals', 'subscriber', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'ct_user_role'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'buyer', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'ct_user_role'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'seller', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'ct_user_role'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'agent', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'ct_user_role'), array ( ))))))); $this->rules[801] = wfWAFRule::create($this, 801, NULL, 'priv-esc', '100', 'WAF-RULE-801', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '5.0', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'sf-booking'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'freecheckout', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'update_user', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'update_customer', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[802] = wfWAFRule::create($this, 802, NULL, 'priv-esc', '100', 'WAF-RULE-802', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '3.2.4', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'workreap'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'workreap_social_login', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'workreap_reset', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))))); $this->rules[804] = wfWAFRule::create($this, 804, NULL, 'file_download', '100', 'WAF-RULE-804', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.9.1.6', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.themes', 'uncode'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'get_oembed', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'urlOembed'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notMatch', '/^(http:\\/\\/|https:\\/\\/)[a-zA-Z0-9\\-\\.]+\\.[a-zA-Z]{2,}(:[0-9]+)?(\\/.*)?$/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'urlOembed'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'urlOembed'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'recordMedia', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'mle-code'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notMatch', '/^(http:\\/\\/|https:\\/\\/)[a-zA-Z0-9\\-\\.]+\\.[a-zA-Z]{2,}(:[0-9]+)?(\\/.*)?$/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'mle-code'), array ( ))))))); $this->rules[805] = wfWAFRule::create($this, 805, NULL, 'xss', '100', 'WAF-RULE-805', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.9.1.6', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.themes', 'uncode'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'recordMedia', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\[uncode_author_profile(?:\\s+[^\\]]+)?\\]/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'mle-description'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'mle-description'), array ( )))))); $this->rules[806] = wfWAFRule::create($this, 806, NULL, 'file_download', '100', 'WAF-RULE-806', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.4.1', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'wpforo'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#/participant/[a-zA-Z0-9_.\\-@ ]+/account#i', array(wfWAFRuleComparisonSubject::create($this, 'request.uri', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'member', 'avatar_url'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notMatch', '/^(http:\\/\\/|https:\\/\\/)[a-zA-Z0-9\\-\\.]+\\.[a-zA-Z]{2,}(:[0-9]+)?(\\/.*)?$/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'member', 'avatar_url'), array ( )))))); $this->rules[807] = wfWAFRule::create($this, 807, NULL, 'file_upload', '100', 'WAF-RULE-807', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '3.0.9.1', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'everest-forms'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\.(p(h(pt?|t(ml?)?|ar)[0-9]?|l|y)|(j|a)sp|aspx|sh|shtml|html?|cgi|htaccess|user\\.ini)/i', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( 0 => array ( 0 => 'filterKeys', 1 => '/^everest_forms_\\d+_/', ), )))))); $this->rules[808] = wfWAFRule::create($this, 808, NULL, 'options_update', '100', 'WAF-RULE-808', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '3.16.2.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'bm-builder'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'ux_cb_fonts_lists_save', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'ux_cb_fonts_definition_save', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'ux_cb_tools_export_ajax', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'ux_cb_tools_import_item_ajax', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[809] = wfWAFRule::create($this, 809, NULL, 'file_upload', '100', 'WAF-RULE-809', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'newsblogger_install_activate_plugin', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'newscrunch_install_activate_plugin', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[810] = wfWAFRule::create($this, 810, NULL, 'options_update', '100', 'WAF-RULE-810', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'uip_save_form_as_option', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[811] = wfWAFRule::create($this, 811, NULL, 'auth-bypass', '100', 'WAF-RULE-811', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.8', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'wp-realestate-manager'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'likedin-login-request'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'likedin-login-request'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'likedin-login-request'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'likedin-login-request'), array ( ))))))); $this->rules[812] = wfWAFRule::create($this, 812, NULL, 'priv-esc', '100', 'Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '6.3', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'uncanny-automator'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+uap[\\/]+v2[\\/]+async_action/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/uap[\\/]+v2[\\/]+async_action/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[813] = wfWAFRule::create($this, 813, NULL, 'priv-esc', '100', 'WAF-RULE-813', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '3.1', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'imithemes-listing'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'imic_reset_password', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))))); $this->rules[814] = wfWAFRule::create($this, 814, NULL, 'priv-esc', '100', 'WAF-RULE-814', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '1.9.30', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.themes', 'vikinger'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'vikinger_user_meta_update_ajax', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'keymatches', '#(?:user_level|capabilities)#i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'args', 'metadata'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[815] = wfWAFRule::create($this, 815, NULL, 'auth-bypass', '100', 'WAF-RULE-815', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '4.1.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'user-registration'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'user_registration_membership_confirm_payment', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'notEquals', 'failed', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'payment_status'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notEquals', 'succeeded', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'payment_status'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'member_id'), array ( )))))); $this->rules[816] = wfWAFRule::create($this, 816, NULL, 'priv-esc', '100', 'User Registration & Membership <= 4.1.1 - Unauthenticated Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '4.1.2', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'user-registration'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'user_registration_membership_register_member', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'members_data'), array ( 0 => array ( 0 => 'json', ), )), 'role'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'contains', 'auto_login', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'form_response'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'free', array(wfWAFRuleComparisonSubject::create($this, array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'members_data'), array ( 0 => array ( 0 => 'json', ), )), 'payment_method'), array ( )))))))); $this->rules[817] = wfWAFRule::create($this, 817, NULL, 'rce', '100', 'WAF-RULE-817', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '5.0.18', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'ninja-tables'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/admin\\-post\\.php$#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#wpf\\-async\\-request\\-#i', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'args', 'callback'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'args', 'callback'), array ( )))))); $this->rules[818] = wfWAFRule::create($this, 818, NULL, 'rce', '100', 'UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.07 - Authenticated (Subscriber+) Remote Code Execution', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '3.5.07', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'uipress-lite'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'uip_process_form_input', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))))); $this->rules[819] = wfWAFRule::create($this, 819, NULL, 'insufficient-auth', '100', 'SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+sure-triggers[\\/]+v1[\\/]+automation/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/sure-triggers[\\/]+v1[\\/]+automation/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+sure-triggers[\\/]+v1[\\/]+connection[\\/]+(?:revoke|child-integration-verify|update|disconnect)/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/sure-triggers[\\/]+v1[\\/]+connection[\\/]+(?:revoke|child-integration-verify|update|disconnect)/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthLessThan', '1', array(wfWAFRuleComparisonSubject::create($this, array('request.headers', 'St-Authorization'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.headers', 'St-Authorization'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.headers', 'St-Authorization'), array ( ))))))); $this->rules[820] = wfWAFRule::create($this, 820, NULL, 'priv-esc', '100', 'UrbanGo Membership <= 1.0.4 - Unauthenticated Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'urbango_membership_register_user', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '#user_register_role(?:%3D|=)(?:administrator|editor|shop_manager)#i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'register_data'), array ( )))))); $this->rules[821] = wfWAFRule::create($this, 821, NULL, 'priv-esc', '100', 'WAF-RULE-821', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'reales_update_user_profile', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'user_id'), array ( )))))); $this->rules[822] = wfWAFRule::create($this, 822, NULL, 'obji', '100', 'WAF-RULE-822', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '6.4.0.1', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'uncanny-automator'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'automator_handle_authorization', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'automator_keap_handle_authorization', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'automator_threads_authorization', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[824] = wfWAFRule::create($this, 824, NULL, 'backdoor', '100', 'WAF-RULE-824', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', 'c790cbc3c4338d1467a98957996811c0'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+custom[\\/]+v1[\\/]+admin-command/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/custom[\\/]+v1[\\/]+admin-command/i', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', 'c98d48a702d2fb75df0353af9c222655'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', 'c98d48a702d2fb75df0353af9c222655'), array ( ))))))); $this->rules[825] = wfWAFRule::create($this, 825, NULL, 'options_update', '100', 'Order Delivery Date for WooCommerce 2.0 - 12.3.1- Unauthenticated Arbitrary Options Update', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'orddd_import', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\.(json)($|\\.)/i', array(wfWAFRuleComparisonSubject::create($this, array('request.fileNames', 'orddd-import-file'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[826] = wfWAFRule::create($this, 826, NULL, 'priv-esc', '100', 'SureTriggers <= 1.0.82 - Unauthenticated Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '1.0.82', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'suretriggers'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+sure-triggers[\\/]+v1[\\/]+connection[\\/]+create-wp-connection/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/sure-triggers[\\/]+v1[\\/]+connection[\\/]+create-wp-connection/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))))); $this->rules[827] = wfWAFRule::create($this, 827, NULL, 'priv-esc', '100', 'WAF-RULE-827', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+wp[\\/]+v2[\\/]+users[\\/]+me/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/wp[\\/]+v2[\\/]+users[\\/]+me/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.jsonBody', 'cubewp_user_meta', 'wp_capabilities'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'cubewp_user_meta', 'wp_capabilities'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'cubewp_user_meta', 'wp_capabilities'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.jsonBody', 'cubewp_user_meta', 'wp_user_level'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.body', 'cubewp_user_meta', 'wp_user_level'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'cubewp_user_meta', 'wp_user_level'), array ( ))))))); $this->rules[828] = wfWAFRule::create($this, 828, NULL, 'file_upload', '100', 'WAF-RULE-828', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'thegem_theme_options_api', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[829] = wfWAFRule::create($this, 829, NULL, 'priv-esc', '100', 'WAF-RULE-829', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '5.6.67', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.themes', 'motors'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'user_id'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'hash_check'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'stm_new_password'), array ( )))))); $this->rules[830] = wfWAFRule::create($this, 830, NULL, 'file_upload', '100', 'WAF-RULE-830', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '#/wp\\-admin/#i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'crawlomatic_restore_rules'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'crawlomatic_restore_rules'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.fileNames', 'crawlomatic-file-upload-rules'), array ( ))))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'echo_restore_rules'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'echo_restore_rules'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.fileNames', 'echo-file-upload-rules'), array ( )))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[831] = wfWAFRule::create($this, 831, NULL, 'xss', '100', 'WAF-RULE-831', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.4.5', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'wpforo'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'keyExists', 'member', array(wfWAFRuleComparisonSubject::create($this, 'request.body', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'profile_update', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'wpfaction'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'wpfaction'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\.(svg|svgz)($|\\.)/i', array(wfWAFRuleComparisonSubject::create($this, array('request.fileNames', 'avatar'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserCannot', 'unfiltered_html', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[832] = wfWAFRule::create($this, 832, NULL, 'priv-esc', '100', 'WAF-RULE-832', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'inspiry_update_profile', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'realhomes_user_role'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notMatch', '/^(subscriber|agent|agency|customer)$/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'realhomes_user_role'), array ( )))))); $this->rules[833] = wfWAFRule::create($this, 833, NULL, 'priv-esc', '100', 'WAF-RULE-833', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '1.1.3', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.themes', 'sala'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'change_password_ajax', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'login'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'new_password'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'identical', '', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'new_password'), array ( ))))))); $this->rules[834] = wfWAFRule::create($this, 834, NULL, 'priv-esc', '100', 'Eventin <= 4.0.26 - Missing Authorization to Unauthenticated Privilege Escalation', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+eventin[\\/]+v2[\\/]+speakers[\\/]+import/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/eventin[\\/]+v2[\\/]+speakers[\\/]+import/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[835] = wfWAFRule::create($this, 835, NULL, 'file_upload', '100', 'BaiduSEO <= 2.0.6 - Unauthenticated Arbitrary File Upload', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', '49', array(wfWAFRuleComparisonSubject::create($this, array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'data'), array ( 0 => array ( 0 => 'json', ), )), 'BaiduSEO'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\.(php|php5|phtml)$/i', array(wfWAFRuleComparisonSubject::create($this, array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'data'), array ( 0 => array ( 0 => 'json', ), )), 'img'), array ( )), wfWAFRuleComparisonSubject::create($this, array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'data'), array ( 0 => array ( 0 => 'json', ), )), 'img1'), array ( )))))); $this->rules[836] = wfWAFRule::create($this, 836, NULL, 'backdoor', '100', 'WAF-RULE-836', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'md5Equals', 'd04cf671901879f40b0e5d32d1c56fd2', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '7dde0939bd65e5d61e020e3dfcfd8553'), array ( )))))); $this->rules[837] = wfWAFRule::create($this, 837, NULL, 'file_upload', '100', 'WAF-RULE-837', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'stm_lms_add_assignment_attachment', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\.(php[0-9]?|phtml|htaccess)($|\\.)/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'attachment', 'filename'), array ( )))))); $this->rules[838] = wfWAFRule::create($this, 838, NULL, 'auth-bypass', '100', 'WAF-RULE-838', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '1.7.0', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.themes', 'golo'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'fb_ajax_login_or_register', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'google_ajax_login_or_register', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'email'), array ( )))))); $this->rules[839] = wfWAFRule::create($this, 839, NULL, 'priv-esc', '100', 'WAF-RULE-839', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '3.3.0', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'workreap'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'verifyemail'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'key'), array ( )))))); $this->rules[840] = wfWAFRule::create($this, 840, NULL, 'insufficient-auth', '100', 'WAF-RULE-840', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '2.8.3', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.plugins', 'ai-engine'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/wp-json[\\/]+mcp[\\/]+v1[\\/]+(?:sse|messages)/i', array(wfWAFRuleComparisonSubject::create($this, 'request.path', array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '/mcp[\\/]+v1[\\/]+(?:sse|messages)/i', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'rest_route'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'rest_route'), array ( ))))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[841] = wfWAFRule::create($this, 841, NULL, 'rce', '100', 'WAF-RULE-841', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'md5Equals', '9a9c2626229440db5ec32d9cadd13048', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'notMatch', '/^BBACKUP_(?:Ajax_Handle|Download_Backup|Ajax_Handle|Move_Extract_Backup_Upload_File|Restore_Data)$/ix', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', 'e1260894f59eeae98c8440899de4df8d'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[842] = wfWAFRule::create($this, 842, NULL, 'file_upload', '100', 'WAF-RULE-842', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'md5Equals', '2ec59ed8bf4572507c67d572dbd63cb8', array(wfWAFRuleComparisonSubject::create($this, array('request.md5Body', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.md5QueryString', '418c5509e2171d55b0aee5c2ea4442b5'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'currentUserIsNot', 'administrator', array(wfWAFRuleComparisonSubject::create($this, 'server.empty', array ( )))))); $this->rules[843] = wfWAFRule::create($this, 843, NULL, 'auth-bypass', '100', 'WAF-RULE-843', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'versionLessThanEqualTo', '4.7.8', array(wfWAFRuleComparisonSubject::create($this, array('wordpress.themes', 'noo-jobmonster'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'match', '/\\/wp\\-admin[\\/]+admin\\-ajax\\.php/i', array(wfWAFRuleComparisonSubject::create($this, 'server.script_filename', array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparison($this, 'equals', 'check_login', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'action'), array ( )), wfWAFRuleComparisonSubject::create($this, array('request.queryString', 'action'), array ( )))), new wfWAFRuleLogicalOperator('AND'), new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'notMatch', '/^(?:fb|linkedin|gg)$/ix', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'using'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'lengthGreaterThan', '0', array(wfWAFRuleComparisonSubject::create($this, array('request.body', 'id'), array ( ))))))); $this->rules[307] = wfWAFRule::create($this, 307, NULL, 'brute-force', '100', 'Known malicious User-Agents', 0, 'block', new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, 'equals', 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)', array(wfWAFRuleComparisonSubject::create($this, array('request.headers', 'User-Agent'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#mozlila#i', array(wfWAFRuleComparisonSubject::create($this, array('request.headers', 'User-Agent'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0', array(wfWAFRuleComparisonSubject::create($this, array('request.headers', 'User-Agent'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0', array(wfWAFRuleComparisonSubject::create($this, array('request.headers', 'User-Agent'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0', array(wfWAFRuleComparisonSubject::create($this, array('request.headers', 'User-Agent'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#^anonymousfox#i', array(wfWAFRuleComparisonSubject::create($this, array('request.headers', 'Referer'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0', array(wfWAFRuleComparisonSubject::create($this, array('request.headers', 'User-Agent'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'wp_is_mobile', array(wfWAFRuleComparisonSubject::create($this, array('request.headers', 'User-Agent'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'ALittle Client', array(wfWAFRuleComparisonSubject::create($this, array('request.headers', 'User-Agent'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'equals', 'ALittleClient', array(wfWAFRuleComparisonSubject::create($this, array('request.headers', 'User-Agent'), array ( )))), new wfWAFRuleLogicalOperator('OR'), new wfWAFRuleComparison($this, 'match', '#colonel#i', array(wfWAFRuleComparisonSubject::create($this, array('request.headers', 'User-Agent'), array ( )))))); ?>㸑(|~J;kfNn{omoOo}ID5Isγ8ϛ'9^$eu{vwUD @ /W/ӗ޶ܥӿ?*ӫ!#iK1}ޒ(&ȊL_f+/OK9Y'O^e;Dy{.;n_w+~/;RF 'O2%W*ۗd_~z/?%~yVy>JT{mXUeȧW yw򟴖gˬ,~.z]!>e0uFUC%ۿwFXfW^ǿ |^(ɾ̓}|FA_q촙4ٿr~x_!kR?O*)b&`OJF]k2EdɲMJl׭.:RtH״$9:<yV%2RVݓUٷU$Sv\y%[pHU]^?ڥd+]ΣoٽW _(|jք.lJT; +[h'?E 3a2ΨKgL1:4af:e(/E?ݑr'64S磳bLU` W7?dm?|xH(.Ż;ӻ |]i0&O~I)A?e*IIOi;YNEDq _m$jwb ,ߩbVoE$t:?"S(w$NOUj=-I~:M?/L2`:ΡʔyNRGS` QL|ot;0_֌v 9sr,SېP='E,'Z(@&Ͳ]痏٥Y1[x_Q̍5G0՘JXl= Bl<->)KQbh~<د795(dG7{f+ nUQ#z?z$E;u14> v5 b9;W]G$}옯Ͽ"?? F{ p<-5ߟo!U?]\@p9 .=ȱZbᵈ,, fy˱ 17e'#d/E&7lGo^2HͶʉCO[d `o( 'b.=DM`t}ȓhunȦXzEbѷ'M)0&iWl*}\_0TOc?}'p6?Ш?vѳq"=i2d`PW^ܞdJ17F@?OHNu oϨ^bʹRWo=?&z4>w?_}?=Dǫ,>_|}\AMpSމN4Я(;kkpn8^\P`Oge<ܱh.?)ZЏ~l2J2,*ī-Yώ~ʻNPlAINV%~|gΌnQHQv>ey\HLj  &MC4zQwiK~:q),!' U.op7s p~dP'6&}@.I虙v{0ۧLS| qmaGCi' h m+$:Öf_HմYl=j^-}LVOT}ZFmk^8;yk˳}&ȫZ4i&! ]^h(( ITb%j<]Fc1΃Cw#GyVVKD_KXD =5?wWvt;Ȏ,"I.hF/'s.A;<ozyL[lo~?̏ۿߓ<-ɠfb*,5`~_gNc d*yퟗ$cQ(>KNdFџ*#ݟNa$%_ot MN ; ٫Yy2=mܡDB=z݅& WA(e<|1N^X`#t,jwj!d$[ ~'_[@lWjl ҪmU1J{^O*Y^¯gzUnIb-gގ;񛃾wSV矄_iFMMLSCG%*?eGޗb`a\xA8x/{udUWu[gLjW|_ }A(e8\;4_1T2֢Wz>; $M3w *KB| yNM=#ߥd]ԑ_V)eVnٕ4hrPt:͢R} $ EWco^L@u"ه-bh¾87YC'[IAm;jL{f߅ p լDb< t2 %7Q!ո^ՆRJop%qu%1VX*N`w[o鐱2Z'>rj=LbQ+A*vQ1ZL0(F+d2;ewք\pWfyMB z_l&^wu{ydҚ\o&}1{u[-R& }8}͗F{:ptÒM>}ZӔL>u32:!Dx/Ku#R\ݱ6rWwCjRw6Ș g ;a+tX/j4ۃpHEڣе'xW 03`Su֨yv=+dtAPՑw&OW˯?o_wtxս>o?o⫿ Bz?G_}o_}/9-zoWWfT_Gػ^⏿da=ӟŗ/>?KFܯh3Ui=tC\Mό͗_W_}/b=+y;U[vniL,6Wޒ*K#m`o~S`E ]+Q#I/X\7U|T[(ëR^XlT.Y0`3o'[x~=>]+Z =O~jBI!~:<2gbT p~_'sVޟH59F9=MJ"nqِ&2S^dcJZt[kvpe"Y&iR>_} ftx$%Bnz1O_Þ.T٦øl;T+J<5Pm&Z{Zյ=-^m'oE04Rf?%f5 UQ7,d8haGmċg:(6Ti;* :7 a#U&(&[/j+%asvG.e=.)3~~8<=@ kz]&>|팚 C:jSdck$'NbIbVy߷Ďyz-HBk_'_!?3VxLqoomb.f@t/ߔ[hZۍ݊n;www5}J0z\Z)$p,~/OR uXk}ۄ}kc߶a62yJӿZPa% K8=p^]~ƱSa?|@2ZYOHQώτ?}sӟ+HRe;OTsQZ)MO_{?v=O5 A[HڲUzLۧ`ӅN'\?:<]Uڢ_-p Us[iov>Yń**W[eo'oњiy{(I9?󲵰B~ p.WŠRMTI]jqσ/iʼ}VztTz wW,_|y, | ٯ}OI?0(1 !w_(ʱa/F*a0a(/_q+},.>mf6<~\ǩ<kLDUg՘|ߐ5Kv{{* n?~^C4LB._̩13᯾\1)2ҧ?$\ -r+J~ RHp[GY?gq~GG<>痋6ϸQi|?~MWgQ+%ثW_/ υZHnOH~ 5}~gRa60gA"qbXOJX˲r qGBW ˾Ɇh:U>&eI;~9EF_' W dϓ$v 0+,>{dwPU1P}$m㜘pSo;l)1qA F` X`e8JTy1 8K-izwՌ^Ab͏R4tha9pXc*W(Isq4ucSyQ=$;5͵9u&1|!JQ8FBMal 4<)ʜ!3H3%A;;4D@ Y(?mޡPjB" C2?s٭ a!Ԓr`HQA%04^h {OP^1+Idfh*$ݡPlIu oT"GP68!@<8L+H(ĆI!86seCrcOܘ'@׫ÞY3U(GV).R:},S3uúA 9Cⓞš`,`TEm]lDoB"$EzMѓ'0Pxn7Kw(*sWˋs{8y}PlrՅBj]&x:X8ҎY .(IќGqBM:Ѽ@V)f\:U׀ZuaJ,xT5y[EW6ҁ/RQW ]{\EwL|JcjrOΠlf(Y#8gGmGRSu>DEY:BG`jst|*vg1#!~1,t=\̮jHaBJRH]PMhs &XJ\#JMח?Rus;4H_l";4]d?JDZDL' *I )ȡ?Mǚ\={?k-)8F$vz(ߚwhsv0]R~}}B V7|i"vXgܹ6kp-ɓwZ[B›7vM$CT\=s{ fE$IU;swGIDWra7DU{~BXcn{s+\E(B=ǾzÃwv{60,MAXx$*ȹMNRj4Q{6l}k^lfmaUF=Z-gc5\}ze|X%e)u\0'`:!sI/D*e St4t:~B59h*<-oIFTiP2+wd,\A?ʌ/!Z%3j"&Ow?1mP}d }@BV, =f}P񥿽B|e &O[46]uc~+ǰVyLy]jHH7W»w[@0M$ ˴)RW>g\2\twOuF f`US3})5.kkp[ޛtf5yE?f\WYx}ś'NWE{.t@' 7fv{Cu9DxIH^jLغ?rTC^[P]vj[Sѽ>\]kO[[׉',= XN럠Oޠ>R#Dg7.V*sxqXynk-m GiaxQ.45{>$JzIxqqg~[sVق8,0Qn@^mlr2O,emj`yLHˉ5%^ޠc}/YlG<аҦPQnfO M},M V1ͺ2Y}@+פ!\ٴƇ+{ux{X2. c/ly Aގ/'7cJ`F'7't,7әY vQK!'mL!(wÇÇ죇9FD-!Ez)rx)UfB}r\\lZ>7V~ }saNRqG]Mg|CERq Fw..{JRXPvIGB3d6ıU~`?bx(aLbK굠L*" aWc0u PsS9^s*m &}ZT~@Ξf]=*pDW3{ w|=B qW/M74Fp yԷ(G&MCK"U׮A $^PJڱda a%y~]mkQV G%gm5_{ ٿ%%Kc[,ʔ23tsnD˅P_о\\eWkQ?7p.<+e5 AGYk 5M`¨ٺ6cMcY˭ao}x/WF T  k_{`6FqtP?#ڂXZVYS|t3yVQMdfiQVC2L#*!}sܴ á"Te&!%Wn)tP)XV}r`uKii5ȇiUP+ ,l3faUL|[;MZ5$I0< y RDG\$4psЎ\jQU.SgOVIܐ2ϗ mQ8gIDtgUbNi mK{-w]8w &,Y߶ܥ̞H|*`[\:@i O⵫0c`fuBXъbP Q2>}A!X(Oh|xwp/*T<2.cfϱ7"I=E>fĄ{QTj Tw넶V .W^HO*.!3GsL:{bP:HTVovQG մ3,j!5{}?9Dyѓ.Mh!J!W.0Pڮq*SχGJvm -DdQo`Lk-3J̍d{3"GIݿvɁBj숫E="C ZX#y&=\MJŷH]4ۈOE,/,xǻZr!]"8PN.H "iYPj"ob!~Stw-ZH;s3TWN/w.U8G/nF4ژ@d(Ub` "TjVuoѯ؏Џؤ.8prn8~Ǝ8/W+ vX9@Yw6nX5dRd )^WQnt~aS՗F\=QHxb8\byT#_37_ H|(+5{)["]Ra/foĪy /OVZhyKp)>}~e)#je (†^茊 hS"nƲm>K!җ3*Yg)w.u:GUE=fEG~3:}@hЪy PSG~`DG N^V*K !>1C]S k~(tk$n;/}!, *vE7OoVz:]1B\@3Dk1Pì<"rf`ODAzix(PžިMKvI[.\i$V O<L0\@$qN 4¤=abJ Y˜(#)3b1mƸej’h}Q: %cz%qstphcF?ié)dI-.$Bax\eFEUhӌO?y7?#V4g9ge+h ݺޛ!د/Z^?=#1!> piwT"F>.rvxσlA"$=H/*rS2'.%DKJw*yQh9D:S)5Y>g9= Fyk! vWR{ r^@ #cĮ0Z'he0jS4o̐WTgQ#9j͉}8z󆛠 `{Qkubbo܋(Zdέq`at Yon5/?JKo 4+˼2E_ TY~Ƣ.NذbJdJRA6C߄T.;St"XVSЎ/b^h=+;o7wȳ*E@LP] v>bgg#zt*S^ JZ=x-:%E:)xd4F 3M}GId_?Z._lȺobڙ8z2+y^H>ЉWRAj;7Z]fA3 8]_ 51@m\6ǘL3;o4dni}_<8"VR֨b`4#5͏Vd}J'ZEMQ6sGԂy0T>!^##|DZwݺ}ݐKj]Ҏ:cWv~)}|73nOیm3{V~7v!:.q̜asx$p9!cqr/=?nV>O]#}b'žԒ:_ /L'UᆽeMeۼ;H"تDp*B%B(ڒD_Pe_hOIՐł7fPh<@kj|JT!1;H!ѶcF}RR4_Èx4|^=cf`bJvy/*Rd̬ #]C(t}'q^ ^.%B~/Z^5Vd+w! 0Dnc[6O'9[A6 ((xw5N|q 5dƉ t&E3b lɂ}}0qgc8U8 %LҫX',/ZVC1;F D.YU?MI GD5UlQZp]%fyhEYCRBS'2bk:'#B}{,MeUC'{/+O2vhۋ]}̝!}?N)ժʂ ,J{6=6XEeiJpSs7.uYY4ߓ2oO5Nr㥊 q+lٹCNc< ݟt k-Q&:n`C7_[Q{P,roPӏ{:@~m*|nFdxXgM[qıd7[jTn4#--Ro 0Y|zn^S st g!q4 wܘrBV 8Z-V] ?UN{)~oNŠ ncэ/lj}z6t G!8i;u,p[ϡ3].on.51u r2 nYmR,P*84];n ]ˠ)p!By6XsFi^f4)얋'e0O9:;}pY+pr|ϔհb1YqE5EN Ej(f}U6{Ȯ9](ě'Va uVL]VWqM{{î0/tf@=ȗ,^yUnkeMAz_괳}oޗӸtWQEnvZ+bm=Ǻ݊ٲ;Ձt"7- b"'B< g޸A c# bĭ[E5QhZebbu2V{\D_1 y!Dʀc\ԝ? 5xi/.vhEA4`K5(4TcQ3ʘ*dثD:nu gXh{o!sL[t~xѓY8 ±*49t\)R-)~YPOr|ѓ&?S0,gkT8%jt -r[&]kP_L-0()u ~pbeĺoGZ'=\zۋdZ99 x̜,_4m5?gM gSemC}yU{ͳ95-CĔ>>PB2c)ȋG1՟ Nb01+ACFdž*V)xJ1}yJ;@HjvEf(VKᅽYIgݐ_?U ii3O/ć u!ΓWsX/x)^]ec%{+))8d"y L]ݦet4,2;r4R]-wyoF+5X4荢a0׳社o0L\xtI|P^t}yQfH][t[O L@czɔ$ % iKP|(W;xR/?,$;hDŽ2OqbV-"pe9ʭNIK̥@+F8B@`ˆ,̇m%]b_ol/$H kUHNi!BT^Ɇ{;-Wzdp cϽXPZ,tBq`i'ˇh ނ9|mT̘3B@g@9̂g0;묫vƈ̷3yAm%/i&i@ʭB7;AkU5|i&u3q ~*F,uE%?&auE]ղE7c?cT55sysu ΎKjTVbDi"2\ +X!c.)Mbݳj-I: 1ܤuh++ E]q7N;(#Yکͮ}S!`2{gi ')t=)aLЈ'e_S7ަK5[ ]Wߞ+"಍qZƞuXw k''!a:F?<;#!]ql{n[Ξꜥ|&<Jy4jǥ/}A #,edQQ@v?+S/ʕn0N]aM :3lx,sUr>Ԋ?+KwEd͗s;D GzJ2#Q?J6>URt4B&$J!]3/BK=㈛m,b}KJuJQ]򣲌V[_ AζC@R:Uz2.1 ]7H''͍n^^5ؽ>k*R$h!|rxɺj9!џ:rc1:mՆ_ƛ`) v%t $@')-]2P-ٯ3o;sB KI2^ )#!ST:Eԕ:FUTcR5_&.-n@@V u?VK"L_68~! ? h*}ۅXޘsO3JⲧQ - 4wBrmÆe,EMBG.YEgabFR {%18MOԹ^xg?S:ހ'ԡY t#AZ_(8QeQX.8XOzYb*Hxr%lbZ^' X+*Sw/!)4Y<lܷ!a`Gr 9]biڿdT^1ۺV=Pqil; >k5x)Cyѡ]<]Crr,dwjD2F$t^O8:%QLEQS"N8uɃc{Yt:몤l~lꃾϺb\iivl[x؝nOcwcViMo:c.1P#݌ҕ`)}*s.BU҈WPG^V(6&QgՁ&Qs'Qoɷ&Q?9t1Gbnt*C†.Ж_>fP.a/AĠ|0~³SF#5~7%+v HnQ= rϊ=lK~ێI33i fsҌOQIS'_yHDѧ!B1 Yk۴iUmMߟ.j˘#l!|kc<_Eyv,=Z?4sY͆ѓ y[Teb?4Y p_oC`%;#Xh lcكp2$LQw0>1&nncp`ykr)q%\nPJx_ ):nGqW`ɴnmkuEqMY*^!Э٪5MS25Ϊ"Re P z$D2)"1K>=9 %VvI:s(wycu&ٸIA&f;Iܰ|Nz.Y'_>rRW$}Ğ݇qjP2 !` "^ˆA;qbjbzb8#uaia:0"qj ca C4f͢xQ|+JVRP&<*q^Ce6TrNR uJ*{VG_@#hK~GmZÂ%JXro`ϣ A1vUenv y jA]-} ^~ Fp'v)71%~> !(HkgmI= 6h jQaYUcB6mqfFmlrGQ&_G&qTUrСta!ο, }z0x *~me# d_.+ >XN{- 9D@a؀<9,NszFz;:=K %w׽uVLs'&bEJ&uHDRg>Sƫ'{}u+}״P-yMJ|]#AzD- :0dhW=tfVKL4(>6Jv}5}m!\fVӫ^xMӣ +RWXE9G# rd6;D`B2mrKrSeb$SHUZ] k˵,`TϤpr􃃰 )9: >#4muе Cgu*.07qa6dzQ;5Rr0yC6R6]+7TWóqT S&-Ŗ'cHQ]i+"N{:PtWN ld|QYU7+?W>uWJ <onePʀX%k_SpX-egӸ圤P_~ihz8:㏻x2qv@uR 1 &Yu[,̀;n-^n8]\Bw@h7я(11>G5:~|,ID"㣍~Lчf=@oPzh2gBчT܍Toaz&с)0z]TobF`5&3#mb4ۙY0Z- 0Y'&'j\NOf [6 P1Ykٵi3Y#pl2ϴ$?Ҧ6V8}ڢv= ,0#[! !:1bhr`~m92&fL1ۭ .vo`V"Q&=UW:Y!>׻41ԍFd=cW:gGܦZ{(0¼ m3sw>4Cw\5Dp># ͱeʭ?ol]޿bѾkc]Xxzxr{4S5*u :AAAf` 'd@Zcة ͚PcM8FX&b0Ytl4 1\ \uʨU`F58eԉ393n̸ggfu֌f܉5Y3Y3BX3ieͤk&te")BCSR};ڒ}_"[F#sh GbA.94Ơ(alITrki D[pIgO)|\hvo`EDT/u pT! Y)8N5{$ ''lވ"p㞹ad9S JGPMjF Hz?qN` @d-w-:^S9_x8_I^I P/*X`P"Ԗk:w "@@!s +^/ލq)t%[&)Z,82'.MJEIN4z- }"P΃X 1 O?#W-\95&97E57Dg֖϶lrnVd/_ 0I5F"GɹMl-578UF~ˏZFWnI*&D4Tr %Vv@tZ:Zh15(\ ՃDwok*æ1YwQA9;FMN`P? Z+f@"Swsy|WnQAJ4 ))i! rκ:!iN+>NGw" @7]ahkkղ-gYTqV|CG6@pSlwrSmw.: Y1YeYR.6Yߓh $~W.։:۝FQAP|OO{B:ܣZp\/t㡹)v+H׫mwt5cÆ4 j#$G\柳u4M)nɎ`a\/f)n^ɒp=%4]" pQ@- >E:ҊAmay@"TQz1=jWR=ʶ'c IzC\d9[Z>2#:.Lъ)f57Qb(¨EY/1HV1^x5'h4|=TMs2Ҋ̚v!w,Bu+Z -+kQiap7ӖP}eb%l&W^Gz RAl`.X&OpbUT«[ <ܼSKlvK" (!v XEܻlb(6]dRL23Ɗu C/2`BCy^^uUUkP!܈[%$6cU0+jmm:]"ևU~ZiPqhK3oȈF,ۧ8`gL$q̀:unTY/`#tc,lR!K#(U~rWd1YG]\0d4t鳠EJ#EPB 0J& %2tj,4]. .{u)L{ *rOgھ)8[Mu @TD*+SsSi|6*4c]5qVњ@V9_-ژt:l(SMrB H \u-5'>< DG15h&@;m5}$Gђ. x8؃6 -%5DaL3Wi: N"tVc:M̵W,؏SVy(-V*X͵pN#_+g b]Bɏriŵ=V FP;NȰql/bsjaSB/!R;ʨk,q,hm)]f.9 2u/0`&<"Qt[+crc{[q.< rI$N[XT,V LZ)Vc2<{3m&|U:ISR_uz_c 1`2҉F.8 Iyj 2$E'XmDC@Ҭ^<7&%#s]>@JYvXI~P\d~D:-^Xۄ aHg}-RWbZTѮqsw5U1=oXF~A~}IVO ⃉K60eav=vkSS6E圖Rm#R'}gW\n:ͬa"Q6A+@5,4~ s5nԸ7j2ZwP1pqNvpg&VW|dT_ZnH+ȧ ^u *sG$g,\-{jƴ⋒ܼk3\,T;_#s$ɒUGc2:j_Cgg]x }?v1?u kRa7>Դ \Ҧֆd w^x&y\iIβl1rȏTzw􈷠HeKeK\<|D<DyN7 ˳u) @G9f!kve]b+}r VdF15s"΁_D+|_w$OpS8h K WfvfQ;ع)zO|GqK5|elx°wBPRZ6m)G{#!n tC6(qvgh=5LXӈmV60H$Ԉjܩ9`%WhxᵍPt SU?B?0tǽ$谝[.­!84K왬ŷN$&cq MSq=V18![A( :/mdx)MY(58H|C5EZh uRi)J>ɗQ 4t@z`(~;0,骀ox jlվ/yKa6o PmOiS^TXV6W!w /ٯhM} ς4jը=ov /$yGT{3'ZQI%Lwns!5E]2T76p#uu,y~ # tD-o<̽VѢ_+45'iE1E?^gi{MP`X<"swpJ@$281t@EFw V|{Li_P{ȢLb4ZJhx(Kcvz5VQ K ͱ:C a8 d1l&C$`tЎ3A!%9I)[{:$rD 棱H7T",o0f:0*Y?: aPS{0;DXsS54iJMB h<CE9TC |q([uu/XKt7G@Ha(FzX@W HAy`B?I)oH ^bViv\Y`ӽ;a0D44At('cMDs5U09&Z sO v*ߢsFp-EY[@~ak7CbM g'5Ar(xL|VOdQ%dI䨁h" إ9T-DF]NG:iC9SɚL`Y7jp(rY5IQC&'/O;lƆ$BIOۊݎyAfג20B&j@Dx'tB$ UQF_V*cuP6JcN0[z4W ej)q:QWB-%fUUpO`,W!H%@q -Q$@ <R-m[S 5`C>&KL ڥd&CE&}LMycf0=Ɗ|Ũe*0+ΥCl33{R6%h)pR>dw(1Ic֡p 5 pEgz8neT-*Ԡ'dGr]p(HKornc/2\ qHE `=kl4kEw RsHdLW&2yoJ%l Yl. ,jl@Ji%6W}$/q =\WQJ;L9322A8#Вd$Wa:^*ܥ4٣+fê|t ԢI q(1# ʩ8 U9jAɽlUe$V0H޲ rj"᮷L(횑~lT^P_юE.q≂ra+\SK/XʀO``pRzǔ_w8̒Ob?Ƿ)8"Qi29,y İA6La_4# ,!kH5nPeg5/G@P ^~DWDNrXek .ؔH4׸a$i6)3$)OUg򌮦$%OBT%,j׮D"ً zɚy4U`5`'LrPKĝRh<4%m0Xlt[1껚mdܻ+CZ08#!Xofs՛1'w0 t<9>"n-%CE`6(8t ͧ j-ñ0:"%yr$&ؤ` l& + 9¨ˣt[;_Wm͓F ry[͓[ $@]Cy0 hX`b \l^qlvùCB 1ќ6R\-QWP?`b0VcŊ97+RAKq<\ Z0XQK69ȉzH LRr z3kjwk~ -W(8] }҆KU7V n=l||"WQ}ѡFĞƬu7߁BA ']bl 6aEjZA&#Om)(21t0gVȄs铱 /3u #5ӹ;Gtæ 5r)spC@,p%iƝ{ӱtU7F-airpMQ8:i,c*PGX. 6rHq?K80$E2GL)#[bI 7Gȡw$*ޛhi@f4]l(@)e@PE#<[={CGȱl}ltxhdu.:$q֍z.AݶFjG%lx'2NaE C݆gt8ppT q gzM4M`8R9`ŒdjR54خEudYaZ{b8D',R(SV & &0[ GP2D}4g,CLH P)(̐U)M\$4Ȟy=P LN eȞD >7TbHP)TGj,y͖tDe^-*ܒc,F ?z-A r3'zg.5pSZA[ ŏ$ɲ*wtx(/pT[(Lrŭn }G0괭 ?L>T<P h` Ār"[`PFsPM g:k5V!=Ęvp}Ȓ=*|ҧA[Y:GTMf SoLoGiԻ;6lVIB /7US 3đf$VC}R8^TSŹXK3m45 xDMKTuq!wv՘\K ]al[-ˑ~!+ҬpmX o) 0TB"/ hX"*:0^!K1'P@`Q1E\,k[>Vl-.t8We3-8ҽ:~ܣ4:+Ҏ{8YvZ)@]i'C}dNo Yӕ+IrI"cPD)5<{\R=OU/؆|(C7QLµy@-@O0Ni݆ݘNP. C/72 uqBfhʎ1^u8>Qh@;}$[d2π}Fr24q$ ,}cpb@\ϡ.::sNj̢#ttrb)e!l3@hfY9=2FRf-jJ3dx|TޙaL QZRGmGLSyj[ 6/qI t"$@c%ñXl!(maj&7IC<Nb9L 7]9$@i-nKoI3Lt-'Hv1 =%48>&4UǢDuj(;]yNapyYʛDld'=iC%-ȹDM3t.MlBBNI <)B<II/W${r289zH")W[ ˄2Iym<#Tu$o@ :۪<1W!xb5%lڇ#G D|&v)1J"GԜ@Oe7x_沴 #|Sn#Hީ{EKyܿ?@zGiXMGP- B;3aˈE(=[Z,%M ~FA-88G |<&7Zygsɑ#y:`KT0/%uVpEaNdnz !p@0}$}Ԉ+ȄAC'Z(J#tMVpKBC]KOUL} NѠud7 d+-܈dY4! a\OPqL>G׉H:q9u!YC4e!_`1E# uQG"Ҝr*(Qq0R'f( qDg VK 䈃Ȗ?IewHPt 4Rc7[\4]ς |LZY`2:*PNc41q WKΌM"557g }Ci$=C]&]@g hM0yy;CZ4tۀ?z5ʐ Z ;h۵ rFЫ ʥ\e"@PUV,?05'IcM+V9DnFj"(wN ÙFw~*ЛW._OUypc{(Wc 1h-#:Gyhh8t ׀({‚jv#De(o&r];**ncLʳeZ"x<Q >R$#}Gkjn|uĽERe8]3%(UfK PVPNtA:/aNFux X2+Fx)MP ?ZԾѪĨ?:R|N"s\%@BH ]FR.+hP/u:+)D7p(Ɂc2>r%`=ASO|cG;LbLOv`9vcyRyU` nHtMU:䐱rbqKH=q( e~6G7PNHlUfyF7L,gsǔk(c> O inf-K;rUD]r[sǮ4: `w不BI>;cօRURm652+id3y1#;1_twcHԣn0!qN G,B`"p@u_ H<1]eg%HK5w%(0VxDTC]<;##9ڙɋP9K5$.o<bpy!%#۔`;͜Ȱx =Ua&= db" Cr[0c MLJFR &X*‚4 Qoy!Yǵ Z)V?.X 1vKBD~_A bŕ$h'v(c9Q[!ϒk~ doAHzA-VHS׶W'/ 4dE=ŖZA8R5_LnPN ۠{c GޓԥBhۄηgIl@CQ0$y`]eGwYyYPS( ;d4ke[H_'0ҖdA pZ3JSG|<'2n?Q p+%1=δRZCt!&ZH 'I_A[ sh(Da.;V$‡"Z+W'a}X( ǭ 1ɘ/1qHU1SsThphFCyOHq=>', e2AjpECJJLMAH;ÉZ8rSzr;קZX-;47L条L?&@tʃTwX\uңa3FG::0St,$ٰN:c\pa\ @3TEC醤i.s#T Mvآ7%9ÃX=^WW{ k@50ȧҁZtCQmWQ|C4xdxpN='x(XHru8.qC}yDc' kqT7d; dPCM-~{D<@0$Y0 Wܩ?5 v454U P~rDϠc5P;YGeJ)RpZfu(Ju&m[vhK lYáLgYQ0A'.02jc=֏t>dɊ@ZL3˘H o ^+8v™/Ls0f5?9K'|&q(Y 3}84XF?F+|w"oC#=~ U(eJ債JL& 2c^.@z7ǼNϽLe$kבf P:ۨ,"4F(&0nէ-!)ݎ%Znʑ>&k\Hy5EO[2*AɃ!(:ƅMQ ]TMnСv52C9 B)fd`W&nRDݭ+X@p̬2L;fY(Ӕ鮈Nrq]OKYyۗ$z{=%~ߒ<)%Z?cÍᘾU ??mMpwn# 82O_DwE@- #T'\&h";a4%C2la<$5r6vˉ tΪcqd]$v2Znl% R?tF{)z=ĩB[j^ e.`Z܋w'E&{&)X!!J!Yo d& .z\LYgxFu:7mP[6Y^`>  a""rKX1OG] jDE6<6Q,Y ~mRZj p0?&蘖7^cPsc|mۡuH\V)y&\- 5`$Z,BVnZNتiMpg9Sb!W0ފ&Eq*ݕq$Wc&׺Ҫ@lW@7m^Rq#;c5&Ly|tFv6Ӕ`4&g/ђZwǒ3&4Z-_.؏pe?ꄲ+ @Qz_ k˔.@&nf d8W3Hf q^ 1UTO!9$f :3E/ XUWi^ec# īrY_o\{M>jNKT(2퍂Mro^ CpC;jC4H t'^N*[5MWn6z h3|s^һǭ$CT͵<ҵ|^C/n h6dO(}ql( f!(d_ l7σ}F7inZvi]wY<Һlo\7P$EVgU1K. ı !̺xdkH[Ti(цt%Cv(2*_{Ⱥ`5j/& k[xm}x}URU'gy5!6H>HZ_`6 Λ z+lVH/@жؖ;G6v(sSXЖVLN7`҈:. tx1,i+=h8߳U=7X?h37yj[;ڎ!hU*۽{k̵ٞMt{Tk,8*c{}>Ph:exp5Wb f /XKIr];IHg=P?8 ylo`1n+Fg]v>g/psV?;7祉ݢq! luɎEh͕(B[8h&b f<v Z#MhDUl[5G~m 9q^«9b $"f"vI,\[d|>pjU0g`7H4H俉 ]۰1FSu B@UP8~P:[hBcVhv!\:u(C[d1]m)A1بoX Fp ÙjƆX֨q2ʁO #f{@;:+tyÆN[ii |>#J皘bgk^hdS~u ܲPy?&Wx{|N # ?F}WlD0o[=-*q:y","ߋ J~HdV#e^3;Yfڬ "EY@fdJ^^C; w΃O4`K- 5_N V ;":²{^rVL ˩fo/<za)Йי.lQ@\0duWGt"K(L$EdH;Ŀ5Ά:xE ,lmbUb\[-H_vHLm&6eK:|13et&tA44{*{9N\L؃2;HRƠD= ϩ5 2 F7Z%๻߬9Ocvd ϡRBc&{ў:7`bF`d* k4M¦dG (ݬֶT:mca,p.gB|~wJ-FO'r}!3]vriMBG 6/v(ݯ%Q#H _ vzvݜ?DϟNl DĬEV~k&%?'5<p^GF*$1z=FL)ovCNW09E&|^ǧtPaz|q jK|g9|{R3-a@"FY`Fۋqs <{)*wu:6~4GhR:)--3AaFr҈$ިng{j>@!b\CO~~l5<7Z5IJ5@5ĵ]cDvz9Vx:(9 ,b]sS]8\EO̝xth}Nq/uZk3;J{i*ј%ҳ_9 45f@:)Le Qn`bG#f+t;TJ&y.J#VK}41T͠MmYGYTz[umǃmԐׅV+wӒI4 qv:?`T'n|j~ƵCN˶as(ʲkaOQ@񤢸6{Pv72Vʖqa31Sv*SBFIrM]Ѡ=j!,8l0Ļ;U_IDO9;8s;(fWu$J]f8.]+u'83qXбiGSP H0BpoԽdVm:+]2TEnZO8+ c5_bVjP =`~ZDr"ݥX>BtYO4ž8:}*9G.FR$c#QȀ\3G_vYRbT"DyQlv`69+w8vv.6:MB;:;z λb"4UtteoWq3)k>+Z`5ٵ!&3g}OB)PA:QDrF {CY/1J~eYz\ý$7&OF˔ٱ1Ayuȑ߸봔4G{_*hl6xǿvW2QSXQr \'K{R$xc1/#Иp ;UՖCp?<܊,TwO?V]n!ւ6(CۀQYI@Dh>Z14LnuͩV &=04LV,ڔh1v;E3nq,EndLz#p$ 3.vVN0=ugVh6[ wpco*i$6q u:}Hǣ%X`Cq{FPJT:}yBUPˠ >^ qN@Ћz9xvd鑻N,'Nq>}`]On37 ztлMZiy*~ :plf/5ue't#SFix/']cSGw'NY`tZSZT4NY#!ah rCΩ}z]t &{RS=xeL:HIoPΦ3>s ]$%2˥R]{ˍ6aqp!v8LSrkNsȕ3|B$Y^y7o+׎{v"lwۓ+;t_K;=yk: ?ukt*֭tvJYSht 8\ oDk6[ 툸~K/Ϊ~F]9pZ2.lZO.\J:oW;˅V;3yt¬zr]-2{q .jm Pu#ۙGNG{r[v֞Mnk`I]tḥ:7qqkGUy}&y'm[vӷ.1۳\v(ZH[;a[t"sЉ^f[B384B{Sdz<ߩІ5g 6.;C +Kx,NCT;\!C\Vp/Jd=̠E}jVnXmO;hۥCΩ}z]|>zΪ,g?s.Np63&1z8POs1TPv 6*a Vɫ Mߌ~t;_nl8[/;KƓnj7{V>_#eI\t7,Aޜsx^#[ _9ܵ9,.o/l^~,O!T_qV^UlNڲF/J#η `NBv1AqO ~ƃd:sɭ2f fdg/pF! 4 Z,X{l|w a1>^[kBi`Ǡ]mj=°W,W-%=AqEh/u+ ~sG7yj2Sa.6=mUbҞ#Ѭ1^ؙWc!bҿQ a \А=x7,nԣ}`\xp+q%.!A8Sܙ k,b7jiBOl+ɋ ÊV:i`- ԛv7N>F+l4B'uo*ҕ^DKuU(&Pa? McIBwÚhxmIs6H[8?_pȰ&cs3Gk5:]ޤjhOLױO V X\wQ]6:/ޓuHU^O'vNCZKKprg8o%[F1J RO/s3W`ю^^v4e49\kWN,rw"}8̲SInajm1T QEk5};ի+dhἮp{^fjk@e#)/Za(U*\2xfm7IqoJU9ӓ} F'=DUIjm=Co6Sndm{P)O hz!QۃIIݾmokM aGV%YRYj@9zNvRεscr"=%d"cH=ɾ 7&Ch_̈́ϩB MGL*e6?Qm/`޲9:= 94L`փXL/͂{qEӟ7 pQr^ 4CZzY]{TQNPajٸjվWUunBVYkCq[tf$!MR>0]hTo꧈l3Ʈb҈6!} ي6| q/duӺ .oѾd]Cai+ȷ}+ sH/qS8(dJ48M8Af2ͥȳ*iqgHUC-n>{?Hk.U/қ 5 NxnkG)?h+ k~<(09S%걓*)7]Q8By{UW C\3entwKBR97ߕvkd}Lx/oIgϤ_[FhwP(fc*`rYO,`yucu8̧:Q#QA2NII> ҂Q?c~5T0dll@)C7_@Xe+V9!{/*jTӽ 'OUп¬k/ڋ?TVE]^&p ܭotטּзZ"!cw5ݠ;6aѳc6Iu!Ä.8"z2~C\h~g3ni]>W:#9Bƛ=G_3Ռ&rOj5>Zߧ՝6zINhZq`B];m pv0I9"z>V{nV{ڇ?Z?ZVG>/mSDGGGG`K6߇\Sq܈{vPOX䩆U\G?QuHG ~R/Mѷz՝b B޵W̨ 8EX Pu-VUJzV_ʟw&/h^jC&'QE)<ÂdxI(K . RTL7 tIRa!cZ&G-DO-@@=#F*cjs֞iorgaLQ*bEݰnyo`0= wxZH@ 4%q aŊ,*&{62:Z Qnb#hWgWaEEKضTѱBJA_k|EJ/3PIږr0m)%I˳dMR}JK br*NBAP͍q0>~F <\X'$\nrdr("4m\.Rrݝvʿ{}*wZ.( ,7!yamahG Q+M5f ̵?$'5h"n%9)mmXsJSx)s^;^;}EI=@6~$'~a5-رf m 6FE@=HI䉺[vVk6Dz56SQcN![׏acua[_d(NniP*xUm*=֝@ ."R(]E N6N`Zh3Z>{t4O:[yqE)#X~^[vgC8uOV.^~#PKYMzZUa@KmJhv逓$Jhs5׋Mf9Tu9KjbI1;G5FK>kr 2rՒ{Õ1\鋑s.x;jN;A+|,e5>9.[Nor1/t:Q.˵]]j*!ٛq!z$E#|A禇Xo3K_ii>:[ vXjk6bYj }mS}ddnU*J*t&~Obx -?"ާ6ajUܝ:'uDuЫJGYnq> הM]@ {2l<^*ΰi@rϜ5U+Njin\RI.47LGu г;腇',Ln('Qn8*X5[:˜;Gޡ/l 7]=eJ2m.Kb,Kt9zv|\f)0i\pݒkXК`6V#\K RYx*ޚom} HcitO^P-^o='sPu`/ĉ{}LI (kϺş6BNB-sBx$ nbTqHx 洃E<NK:Fl{>*Y8iigu%EpҍV3HP"1]6tn)'][իBdu3#EAO-X7<W*mJG{#ѰZG*.G^룈;7~| EBTc@rPR2x+&X,,':BXYLZ]XOFk;tR,r|ӾAtT*JT4i/c`{w6͏|4m׈EviJ3'M;ӥ3}ф EۺNItIm:ߵhH9yOtkR9zl8L#W{z%:p[f ޯҫHׇ]W {Ɩ.CY{,[@rJ+WƝUo'd,YTeZJ%qb1v~⼶3=-=(]ܷ+ c$Vhvr6p6Mq.Z+jҲ']U#}UCR$TN. >֖Qmu1D"eDԫg>Bsˍ &8Q,D7{tl%]쩕4h2wf  1Udi՜FpԵ)lp_kX V͡.]h}7M&-2~u1ӈ3ٓ^:Ԛ$L nbt] 5=cFSN2o. LdWDPlnv4suOaWQ{\Ia D(MQ Ǘf9]~'[g,ߟ K')W_cX{Wfs$"WYƩ'xZ 2immf]>Jf_ak.c!=f)C͟|315]r+X/Gc~D[jlVͬ2޺E+eIw83Nfm 쯮J ջmSջuUH( aJk?OM.Lgz˟", iMm^NssDdd=q.06Xeҽl(M&Q%m{ujDi.KWN! DvzǙcEo-Y@U@NҔNXlu 2vC)[!/)1*UlW+Fb[%qi':K s>mrPh.>,SF-5,yVE. ܅=b~6ьhƷ hI}0 ,ƭJk]Gaö7Nq%*xT&y**2fZ9Vuڲ`jy*xБб΀ks7HVVI.+°*?3y5Ы}9WiDK$Z$HjQ=Qv?F7uRɴ](S:lHV(Bi${,%/ 2熃d5S]h VJ"oؙ68*5VoboiԜ50^C)b/7X[ ꆯ\,q O\ aQXOZ`f{C M6I?|? 2 !"^8yԲ?GT/ 5R)I̱46;exjlѵwLK!4k eK3 `HH+9jk_R4t;AֺZMh Ӄse4cL%UTbݦjyԖqxن/5YO,ҋex<3XVeVԲ}iP z [N]'1|NN> E]{fDձxLxF7ԮG4"_䋌+M7Ke bmO-M2!c2B鰞=YA;& \s7âw~;aМPt`'};\o 0GL*Y5/uuy O4|ݘNx0R ѪA^zUVe+ưAxlk^ G"!6 Oo:T꫅!qUYEmkr]=#E k-TNJ_"\ 9j&U! 뮅'WҸVlh[zzOP(;Sb$HMognR40HCݝCT3dvFMqЎe[YXyvXE!J-`wOqABi/*XKt="nmۆ֖XeW:^Eid@+*lO]56W,{^ELUO-g ʄ bsj:)%<fX`Vky~SF؞A 3uh]Vbwr:7cu0bx ]ϋY>ԫWis2p ]4>`G'78.5V$CXaBMUC[}15}-ׁgi>Qypl ;1a|ONaS=!]sTnY\Um#YOEDQ̕cW'AM˘8큀SK{&_6Zm_ɥGF3U\gy0t|W1S(rr ?Ղ(V`WNEwFIacV)RS f苦3g{3hKZ^C6 )~+jIFKjY:!֛VF(#aƲ[ښK{\坢~q7 O~wlu,NȮz%Scӄ4IYP_ S6yNpYX2i3_ giٱ˫ p:9n7ǠdU{RG`#gstW-qnmeۈ򚊶w\}ELP1iF?Jz*Jf2bKb11"Wɴ!AKeYIMf8(}RO'Z2]`N_욘u:3&v“Bٓ(=s&MyBq<`^a|)t(Nq@YJxhE@D<)Ot\?WlGXނ$BI/)JhDB( Ź0|)q(Nq@Ye+.+"Y_K-KQ$y.Ox nI[;%kq\o]>.G#Xw3jErCN ?Z.hT@~rIcqD7t߶/v²tZ#RKEo Λs%T9:s8a-{Ûlť +np3BeU=H ֫qlcXB5:5u|=i1 $Ջ"|eV{]sF~ty jZJ55Ռڂx&}A5Ś~d x>i7SK E;hkͨ{ !Q5+T]\)p9#kyJtA?R,Sw*Z!]ZkGI ?AU1-zܡh"MbyBS aQFyy&]wѺd|O(|F0B&pL v:MiO̚> -h{ESyHYt5|L 6S9,m}3B3Էhpc]=4ࣔ%qpc @7ZɲjZQj7 Jfxkfp BTsKe:6ۆU[~GMGhRZGԶuЋ vu 5d FA}JΤ1wC=掑"gh;5;TJ8Tz/n|BHDPuyL%~(uuF0µmWpV]'m<#QDCnb@Ng ]e-0Q2WV4_; NFqPWIngh 70Hi<'Do{RDbrN=xe eM_W:}Lu?t=jgyo%vF ntٖUj(6T1TV3u{N9T8;H@V-HZDg͒T?z} on&Ğۉ~L6ƀjcӪK}VtE75ߟfMj9瘑G\évs]A\M%RH:gk?(""KLbiWF{1 $cW]M oo/DF R& `}4ڧpRݑ5y/}p ;VGFW)u.u9tNe -.Q]j;EG4`\8>Lr6ʧK;0:@.^FQ}Bm>gBH2y 8o?6!AWJE|Η'W ~[}L_:͙K(Vx=]'ע#3\ɯ8fp:>qjS-~6_~6b:>\Kۦz53x;mG! C푲bjgWqmv<ƕ*eeE zyᓫ[>ݮaNEK4it$ sG\|v%L%Pr1cujyO`n/`EfHT8*#83q "Wa،mB^]|1}omP7t Q~Pk : (2Έd_%7r%Q?OASYH*fTjT3iA2(Knlemdp $SR]}×d =Z*W86`O\T}RB[6Yq;f΋,` t 1 @(B٣p:`.H5 Hi._td `=QqA!bC;sގ|PJxGˎf???nuC݉g[%dipJkcBk^9,`w6bi#[ec8`# Q//YdOLn0 ]hvm<3vl*ɴW[\A2:%>kEТXw,Dv_h4֊EBYTsCZA<\-p@ٷ  w9OH-:D][Ο֦9c-sQ"W'Ԛd,r p-Y"g40$[5/ "T'M%ӅWtWwv[3'&B$keeBAUD'"qSR)H&:87RJ&Ȭ49݉]dkK?3H#϶x|ҿ^iiL f4y9K ig0+Ӊ] zNk B6 iO4nD)b2d5*Tĉ[$r[fξKt>Ȝ.gl8j3̢{˳xFV$Qڢ0 )46$&Udx9Ӆ&<<;txa{!X)@G$U$U 5C6̂]p\j`",=?*I/!]CUbڊ; 5Hi6g@uM~g R&TQi-]OC?^L Mrt)®V~WP =('%nAÿqåֈg*XFj}b9_kTzyrٙL+#>O9pt-LgٴOnkX\%LJBYPÀC5pV c{Orf3/30Ş56rY++2-w.jE>2jqճV I}7 ʨ̿j12 'k'v7 z[פ oSƇ_aB~1#oz³Ҡ{AU4h`ywә~7*4ȑ$#bA\ >RBL'\5SdJ}nzE>C|n$t[w49dy=rV#W}M\Ges!򸫙պex*[fܻ2̸eeq YZkL?\E0eK|h8Z׈`P > GŐa;zRل1C)*x1̯UZWgq}ae^[ T`J1ՒޜjH?SѮځE7I|18"v-:rKFwuTZqk6qc9{MEwHG@kP+z[ċUjGשw81|nm\2ߎD2E$ڼ"F^<Ax^TrQnDHq7+,|ljdm+xcrP]j<Ĥݚ%džQoؚ↍S2gP60c7p:wZ|Sc Z_ zsQR9ֻwԩƝq G\;Ys }!C60DQĹWH=Jc-5hGdrC%DǓA7Z'OWĞkfIBTR`ka.#.mFxi ݒsoNvᣰpQ~ qaC `dnQDR|o˳* i1R@agH?F2QDvTX/EAh9dc@u iێp&by臝^-[BB~GGbc_i4 fxVBGSp&*l~_f?yi[Q-q}Kt\@L0˭5 c[n6fv_{T8ڊQ!8WnxreyE&5gq9W^.u{tʆH@23]BkN`*ÁV$/\> 1,B&B$%sF?p:[G2/O҄tr aƌ`!|C ׃B 8dW0Q>`n^o5Qkp)cBUUckzGWEn=sіb2r3P.SCSY]\zG4>Q>C2tJ> 8bR:#9^3ү,s>+w,ɢ3 "ģOꠌةB [{B3FO ztTRٗo=Yi2WM:b9[7h%$[L.Jf1f9Y[.`,ցAutv nR1 ;跿Wv+DX-A>W\Lafˉ5;/`6mVl\X7! " ]B#F6nM(@vvXlO' J{"^Ls(;rrqF.9sykBC@v暃p7zXY+s@e /P\)ct9 em0`@Y 66Ms!42}(kG,: y&Gxw̞Sح0g .'pΔ 8;ɆTrlX.Tm 1nCݹ|5tgn2 0w*1m4lX N8v!΅0/Ba΂^ [8P8[KpR_8] ЌUoCG?G;~w=#~W[f)4Lww6̟rt wx{4/sjBN1}{fS{&G9L2|g 39 o8kݱV$~`Ͳ =6 7H(ݑ ^<L/-]@畹痷 2喳唱喯n0j#u397Nw6DvE~ٿUǻb̺ Jҡ OЃα75R_`M1'|%g&^q=]-<z09HN߽jwG@X4_6_=MC|};h 4%&U ʈ/Mq'ܮK_'I]HO >N:Y'2^ȦBIb"q@<>۫XqhQ r8'7BBMeGS?G9$FLRiJ_=Z8L̏<5\A;#ӟs5q9iD8 "hdvaS6aDX?$4I4x@0PN8H%DF*W#GI˸=J# vU0fOMM#?а`B%BA$qN!"$]ԍQ jcQCq4[|C*Z!~YҀ[ veGشǭT !ވEV~cÆ:5vX#r` 62xOڵt9:gGŚ uYڞجxmd?Ⱦ~Gph]D%B#u )- R GmÐ@A'LF=b]m/2:xLvK~@dP)H;\/?%4Ե, 'S%탹#bS<=TUi,HeL:dbr Okj5v K3]p{rj=-yGOtz&a Α2MorL8/8m0ANPbn #9n' 9# MN4)opf>S} gɛ;m^ZE\Z+vF>\GK(6\j$ +YW/zsvtgpuxJP^MUup%H|9ڐ(*Fh[E~MgDw7&Lm^-mBoG[C߲@߀!rDA}P ,Aҵ8! )Ś Y PgN@:f4|р ; k!ҷ3.UɀKiA:iMC4ME2M,KPF2>vHnw`ȨlZ16 c 1WwmK4up4VSxBΙ,)T8Ȭ6qrjtnIWH.UQ&GwFM)2?-ZfRF#9t#e-]v}tKKn">He2e;v9QnyJ򔱖GʡԦ%m|8.œ)E*YhcsNV|9F3>{6\^ϒf^y(T>Y*̜ϖ̌~A~aꘕ_vsט lE!&ضNAZ,8?'NR>*GC.Jƽ`̊2^ kh-Ibkϗ`Z|ix4siR13/'d>ij@CB=9 5D{ٗ#SvhvӺI;A^@DRWt[Ђ NQn8!ƀ/mьԞc{W:#qs`全+3Ej<{cB*S+r0ba@)h r5(MEEgUpSB2w}̕ V;2LoAZ_0”|QrZKv5G\V77;ax~z)-w. @\+$)@7zj Xɾ!;Dzy]17 KׂpHX4y߂+%T1`j$+\쮏 S9"pYRq`B @rnlqo3xirn(}A8swBu0lX>1XdX1d|1\ζ5؞vY'c8- }J_e{*;^@YEbSzΛj#&p{]τ(wK0bmPvlVnim7m[{ki=GO% K!|؃~`,[S_ɔSxt9˅|G-QCȧs+:rWIyjr3%HD_apj<=q2(d HaM*EtuQ7ī/jJ-,S1`g)'D;Y4og*Ahe|mi({oiX:FNn=c^^YO;OAa$|Ƹ25g\B\m5 "gKc6z=r ZG@?m؃%ThD eS/Rv|7*WEp27"~Ɠt؃Eۉ.dK{tzh|:Tl2wx blKGb=f͈hF%FZحhH#e #%4gًmo!~ \cM3Q봻ۍn-#5]#U-5WS7Az/Y]Մёd+F#6wV*=s/bOIAm2YK[o*pX`6A#Lhnh9b.BۆÁ)[bK0Kv v[$"G<fD) z~6sC7 3yQׂS1v|S+6Hzꍨ}V}v0ZJ}bqxjǹV6ϊH>/ 7 3p <({[DTVQpu$t/1C!f"p|ijyrD(^s/?q=g)~l3'>0kzoYܜ?{C4q W~.{GF3?x,~T$*No!³6Ѱgh^ I9zТ%bW$Z[S*'"-IFO8׵QdsA :}x2 w^,eܒms@vhx&vzXušXFEڱq=8HY-T錊"c{dȌgZ *?KC|O H@P=x9:H6X3z(p$o=,ba7@X;K,&)G~|e+kuT1l#dFL v|߭vٕ5Q]s2nѸuumMoԆ[\tcm͡s0# X3m@Fo16p~lnvZ,H", VH+°"w T<6GiYDuv)c73m]-̷\ m˯ˀPI`ڃ&ǜc'LVv`(mM :=)Om2ꋌ I62ِ-A#y<[^`'+[(@fGrj ?Mr"K []NyNk,V"*4ERQA$!2ψ@ Tbgo>y+$A oM"8ˑ=\lhBƒz@w7^DߩxoCiP:t1_7hDiGaJebaAKr,1?#u_JO=gN0gҴDd-XqE,z|HŐUFy0i7H%? }n ?6Ep2# uZ2h;qˮpY@T\ޮ ^I%bezd-U%XRyX /(`\SM)aV'`v  [T͈.dc} lKY ps C~,N|ݺJ\8S/ABaAr,j5G*ShLPܢ @IuNX,]Jjg"ʫ=̐(<|xٝLfnȩ)fyzLmB{"kgzWGq1l92<Bi>*b#Qc䢇P4s-+g`|+ְa艦; 90?j9Vl rqu4>< i6Mvs(9l7l$> ^M6C l8!?! WR;XCd*)<~ 93 ]. uV(/tt„ rtŒ43B!qתy2Kbj-~2&IoJ_q Mg;b!oʚȩns3ݔML* R$24KU̜e7Bq7.C+˦SpԻi GIG?߬ votj e2mj1K/˦vfJ]jM-ZOjr&ǍjJw,iܢ3Fxi&[ H٩fkMmܞvR`h/}6f î׶F`J%Ƕ_ƛ0fB%#`wyjja,Kԉ ʊP)i-Ѱby oUQeݜo}>3T,FnrƬS%O'No}4=P6ΓD4?\l#]/-aݒRnx=PI9ovqk<O̖n"F =K-xJ|Rmq[ջg&3+8vHcZdz2=ólOOISGJ>. (Io3T"ƣiucJZOMj+E! TNF>aTJŦR<ӛ[,#]g8n-IZTi U4GԊ"*I?Xi& hg0s:V|VZ!EVV`*)x晪4e !T*^ίljkix)\#i0gUijRGPJ%hWK+^m rEKYb(?(Uz fOb 3Y >BܣҲ5=& iW5sfXԳ_04AD)xQ+ 56mSe$oaf!*XܑDaw7֣ tN0QzgsB׆oTT7n)vA:,C,9IyPR}r:G荘!1wĊ ["c kdU7Oboz\.4'!dEh)Ē4sZE&е{,(c;b4 ¿2 R&TV2 ? ^ Cn +.?!֊c}B*AȒ}ءh{ 4\P)mIk٤^5G1HK;1"!%zJȣv3$Bɔa"!)iQkS韌49=|5t j]ĥ= ϟܖ+JhzjޤG~wn!܁błUĂ˨Vrv#&LsgMUI­sRٱCLj 㖴Uł_8G! $>:;,(!<1}7?g`!3vYձeV;Q<˄bfy/+h/BYK 2E@&/_Ӭ!JnvgXD*pr~̂^ۆƂ+Җ#%tv@`؇*Yvp`Vgex@*(kyyHcnҙ +5]ƌ>&;\P'R@FBP zj캡W7<`df({8 5Hlڴ& i[M_%x'׽yȅH@Fy6.2*nݮk8 Eaz?a˲bocOhװ儞F}-YFrCk*]5d5kS"錑mIͿjjaz8eЭ%MRf%51%K1dKPp\e *2Z˱3ߠ=: $m~`AN-)_hWV$FTAPSKEo>DwK*f 1 zш:TZސ"<Ma*W@f6“Wc|-2Iubؕ;hdĘATԍ655cid")USŗi5 "ml2HW& Y=XQBxipWWc Pu6dB9{ (a.`N^s- XVV&VEZ!J c=^p*:?.[: V7/mg|D gEc~֔A@3Q( ǒ̀y0}AjN$t}tp#B88VaxG pmM27EAF̈Љ3_?\NM7@ߊ3<&J_>X b+Ǎyz>Muwb詼"dLSa=xSRm_{܏ 3aDZ:f."s#׊n3r`B OْqG\KMr:5C1"ٍtA~\}[ l@`c93PuFlƅss܀Kxmi|$GLt%xZTNC\n3w`O'?Zo HGOa49`h\È CcAog TM,ڤ%xrx,:$;yW' 4eڷ*nb\JڞU7vX{pھXAr?O fĸX·dH cVJCaۘU#YXw?NIGgB!+^P5KUXUGKu,Ǟv둝i6d9{ٍ3a$ewj' 9Q/' _R6_<΅0rMUe2"Pdi-t)ȏ-E ).cߤ~Rd, M]O4v똴\p4GZi0` !4bhS +TZҿC8?NO.Hf6Xgf$G,Ԛ w3]g0l݀D40 E 1/O'k0%i ̡۪I XH9EFt*_,8Eӏr\\[X06ڹC 7<7!)/d6,XQL^24D&$b(;aq;G580H o6ṉSQ\v rFhH\2d"U)3GK zҖp425K8EZSA3.D50Y89jWk^v鎑ȤfZO4+h?-EBBN#"HR(n ZȘly͆T NtRM2R6P)e:핗׳D!1LuB@Djqflir Q~_nrb76?d82ɔ SLQP&[y.=`Op 4j#}yk4v8BdDoaٯe ߩB1J n^f+MQvP6X0jj9rxBL%=g%$U0;آ/;r_r3b-@4V(('CQt-ay<)kp7^A]}="Z?kPH`.*8SI ^U CAaP]4dyZj]A$ y'f{X5Z0Âxu^Ho|Z~_\mhL6d-AkӤ(+f.hET+iD|6b\%]=i;ARL^++2vM?HVp)Z[Hq'kh=^O_NБ,*&E:ʐ8 :]xVcsM:Z-%AhKBg'HM(ސPrSRE{y *..] G9^ygxKܸa gy?Bloi-ӻ*bۗ8g"$ ʝCQ:`v2cph.«DN(>- R;* \@@fۥ*T`UPO9.UP{OZE~k.rmk+{"^;CN!j,Sj@tu@e{U*:+na%J7G(-su >PO1\b.zoFӆ1^61^Uv-}n7[ѓ=>}ր@5C]A?౶u[zJ7pD_y 0  jSEGZfh[+n6pw3֣ 0:]5vl+[a2YܤO<XnHHf]*v|tYPo+mJj)99AiJa0)3{ P?G*ҁ`::?!ŋA&7/Cx0ij☳"s= srʬ.qIrHPJ,jq1\ @jL@eI~TQI/R^iAm>ւB&>FR jf_w6v-$o:['e|qcbz.*[q8zQO5u5͟2+h,?#pb[D*.cY+ˡT|\3"zN QשLJH'7mե q17 wzIp6a- C"sAa.3y=C:X)r?ं Kk3Rpk`M nNt}ex\`]>zZ!TLLOF=|P6Q/彅zr@mn Ex?dBҧ<>J2u0-:Spjmvݦٶ^@sRzQs#3]%Bo6{o#.NuQ8g^oFڔ[ȪfqVQ9^v&kUc6KZu bnpw3^iړb*V} uN~25{zki$qH&,}(6ڑ2OxֶG&3Mf1VK=Qwƾx;nRba>+=zv߮-\wW ktM8F^W%dϜyH]KOZLDG5"m`+aT)5CQ_ضKȪD$2јsxSvo}7`5nly+Mz13lK|l~MKfn\ALx0->oz!n*ZZvK֧DM'ZSZ*Z` 4cJhU Γ<iyI#bOq|O`Tjj>5eW/s̮:i#rׄ!fL,;%>iC&Lx܏J#|uUހr " QCJO%ky+ Y{[i i]߂<{ɡE9CEܪsAxDMy^e!)9j/m{+WnAsbb %ZYhY1 rnn=QZh:d,y:VǶmHu,(EPD< X ]aIщQomQ: BH\t[i D\#M[ >CŔCr#y\>f_^$x8al5ڻ3ϊ㪤Bcx*"Zm3-o!X 1zKS#w͵f D%ťd:(3VKfA_/4\X[VmA0&$|DjUT ǵ5 64V녂 r7ZsTK,: PkpZkܭPZ_A+Ė?B1v;^;/8린K^RCB +BgH5 'iUɜ 4iW ;F<9&Ef6[vGV6-q^i;E}@;ӡT=ֳ*"Pe_×( '0P1`Ж 'b Bƹ1ջs%Xa7)0F/f`! ^W <(*r_F.(^syz{低z04LPOPTe2ٙYX̩ J$52UEu$ B"+"9*,0xhK~pMXµc .9k؟W#U8Af7u`Ā,5?F^t/zT?]W\y8"dA1CH'x4DLpbv#$b$Ng/tcX`Dɐu5.,֞pf-{_ t_乬)}6(l[3J|T߲O\DqVS**ͅaYŜ*$aq0)92~D*&">3r$lD9%@j +@MdՏtXXƛT !H0AF@TZ3oU:[N9su x^2i0_IھhoAb"31=zZb:RQ^v(U4\cWqեz4g}guy15ժ`Kc^u Z?0MÐKД)?o^u$`(ӛ4#V$|]+|z~jK^&!]'Qz6yj|/c*DVTg(j~ðX̒C"ڀz59hM4b!rh úp7l:|6[j%i~YZk5UYDiHt IE̍|Uļ RCQS&xD/og^ $ >|\tbRx.k4{YaA UQkoM46`2!UVFZoj=mӥqy>%K黝 zꏳ,7U<o jr@?mmCM4'pv):F`y'վݥ:vkds>M8q5< JM.P`  `zUsL;@ViO>LMƒL-?A g9' 29LzG9(o"nOg(16m@Id7ɿ՝䌊G*n60&ִ(g1cX8JQ~QZAiC?+j $}*ѭJҖg{ *YLX.)n?6mũ3Ua`yuy } |5_Ne8Z^"##n6KϬR-!ATraZm=}(Tg HH0]}֫/=V +fZ+?VIRNu"^LNfEQ+p_!讈ixT|mNTcF"`AoC6kנ[W]ԅK (<+ CO,ۊ&49 !]8Cf逞,Zgҳ=+ČEx2Ǥ.ӹ/Ű=QM3Dd( 7CzI)jRX|Fg pG>:ڨ$cimPn ySwO; pCC+Łe(TG'5|:5of7]QEeȄ&7o;|nd/LjIL8P6t6 _BUR_$sBυE7`62E]-(vw%PW`j'"% :U[Ca/r>=OЉ\װ Qo8KhAx>'ZmFJ׷nOĿ1j?+hJVx:H,|bs$gZr7{b{rͥS`HD-νFH{00Q8n5Tcz?<^N܁0(B4g'kp ÍiGs^z_FrݚSw3 A L Q{'ii1\cx:PwcHj3xDZ iWZajaaa՚aZAqU,O.b.^^ \&M47io$i7_yO%4W\d_]su}ue5W\HO]dשf3`(4t ]]v_Y3^ysH[lo%W љTgWQ0>%;xHdGr[J1-j[shnݢr6EF3$7'BϵuÌ 쎩o]m"hV}RV>@iѿ)egv=%Tjq7E{9Cƛ߬zk6 ]s$8TD !-*Es3DEڷ sɊ\h;!kd %3 AS`>u& s´++ )rwrI#%!*\а$c[> lG8GȺ{OeqpbdxR=]a"C5#t=t{(UQ;VتK.躎rbG6-#v5aΐ|#\7<xP;jȸ$sllU}YKCiYɔ"D#7O70s\$x kZqs3WW>}<.&'Mu샚g^DuCIɄ.4Յ%:Gy1 \tǫ\IT7jY})^!]j T8 !=!2V``XJy2db L-Um3<,> sR-\A"?H0 Z( w՟X0 F‹}]6¹ը5Bw[%:c h6uÈc<_mLͪep#]$ԴIuh`i*edx6,M3bbGEu$0 ɓdCA"o֥j61Pn:O䰔,.LYHJcF#PԔl&LiJr5mq,8\{[!/(2']5h7jY L؊df07KAo!ՔoLhhD¯,j>{KCExtD-a[ۧk߮/]>{A᳧}}=L}}}q?x6n^Ǵ`~ҼyEޭtn^]_zeۧ/OGv<9'oh/I>\OU8r uy|wbp3Ăis\S8g6ϮѨP- U{!R0ߍJZ@rT4Wj#ùM snI84#_.C| c8Ht]?z Rh2,I;a7aZLjHZ>06[rrAaɨ7.h8I O %m݂^ 9_SUw&R<4TG\ZLdmgx\WdVVWk  çɧ>yBS{o~|Sd~Et>OfI<)+U m4u幼+ܝ_.B$kj 1U6H4yu؟""JwF{6aoY-Jꪫw:xe@W߲1J-yt޵zm/J}.Vdo_ 5P)nT`21ޅɤ:<[]yx.XtłF)+7[,e=,VW)' RDh.DP5 p! 4[LUIh 6Ʀ-9^Pke^\]2pWzoK`i47^ tNbn \i&Sڴ}7,c }l#n@r#K~f ȉ+A4􊨅#aac,54A< ]fO~  SÓbE{ 8-\ BL,c^Nꙧ{bn.NkQbdgV.;V j6۬=Os/51fge3ǧV@GMj唾wIWRϚ$2ڸ3a&٦`uX'mq!ia85(Ig-2Kp8 UAU}X\zkusEX? =U(ĝEyLD$;?V4\#n `+akK 5m G]Uj3rPtS!`H-u i̧2:e_V5\"*#ͬ AvU=Tjވq]5v̆VG8}HŃ>"cm!cmn=hko60@5cu%ɎLB4jёUFA"*0< @˪1 bb dG 2j ̨32d߀IT6`piNF'm0>f Jlc@l 1\\`2cmԱ1Rd `Zpƪ5`I!mzĶ/ ƅ7(Éhy~ ze\ h,3p(@"PrHdD5rz3zanƑ"*[ԅ.:˶/JK[.L޵vh͢fEV7{R^`Ms.T` KI#Pupyk:|4-FM]\4Vjz&ˋ"ǻNxo7&T4CH|Tjq L;[J8yN5҂Z@߭*&Q Aِd! xQ61\5H bZ"AZ Fy"l8a( VR/Z/W#8eU3jm*bd _ng C8u6h8YfT~",70* F#mPgeˋ pwmR8%\MzN^X@eӋ7 V=""DW's}-gR76OQk4:qi$i2|YΪ?I b)Kr ˈ0̙c#L9c˜хf|*:E^GuOrT9,b"(hrW3#x aq7s)U-̗#ٽDs!MY-5_$w1oubgd,qbYId7Ee'S(`7y/[?qonenkhv !W*;M6sˮf߲nX3͕m˲.{4{J=FK㚱?*?5e6&XYqHE+0f#츫Bۯ],G࢘{vrPnpT ;ٜOx[ll p&}nDoBCY'2Éa#G&+*D֦P֢[ m huN9S]2Pm-oἢV(ܰqͻuV,_x :Hoa7)&c=2Q+gzu$SUz9bFZt`sKdXkfԵtge9/0IV]>5IO9<-m.5!p7] W:5p-fYԯ$kME8V `ߛԲw ,~ϸe8 neCz7eНܦb2lӽ=e=FU`Ke!|`fJdB(6BہJ†:jB#6 k6C<66"h9gQ|kM1u. 00;@Nhm6LbplHW&;ŵ!]^) vRlHӊsC:]X6dp8ɦo:q @0:ɳ4mReP:"u[=^b9m8"sxvI!hGt}1;5ccސlxF{-|eB^ w0+^N/uU=znSjQpu :!LN~χr< vҾ1 ƥŢ\E9ʇ[/y 2s]lBی&鵴3^}S_(QRQl>^7kȅJj~X, k4<Ŵh0u2pYiPo  P#husb r_t79<@εrn;f2-@.Ai`ǛWǏ8L\Fߞy~~z!YZƱw T^lA5i 3nXh4 Trޏ0ْl/BI-}Qm,Q3d a!N:.2CnJ=DN.G1~įGJ;{DN_ENY%ebvZW1D&UX\_4Ӹ_ F"z+ܪFIٔo1{IK<v(/2¤޽?gfXDBuQR?6lf?/JRīj/ʤN?g1b2'nTjfT0fcF/-(+HsR73fPFWCJ#馫012W;wգȕt\zU^ .!P]hP¼ߎ9M* JEGeEs]ЃS+P՜05Y֚!A;y1n4U1/U,~g4]u iiPwjb%$.*{dlXw%ֆ"W0l,#%äQe:vkAq},dĭZY*bJ,}Mӭ&{D^O] Nwx1w[kȉyw2C} ֛}cadjhٮ۲J6T66V㳗cbtQ JZGLi v(7W]uSxLYkt[ v $3@VðBˬk0Z8,(|([T`I90+ EQ!w^wV}!* %JMeO L/P4q^e%&4c|Xy6lR6o UnJZ-׉P# ˻~۳,C(xʸ:3nChG c[ܭTa-|6DN\03GvЉ~AڤI>-wug@k)΀Sm@;L6wm ^ tog@S;z= Zn<̆ Q$%ۍ=JMҟ]<9^#V+ݤD}ΝNgRXĐìsՒ$75eDJ)l4V\8V6=VVuNB%D=n0}A*z/wl'![ڍNMU[IQNƝ߆C>2)( 3*`¢W">LSMZkvCEcZqr y2qƞćZtu.ߢ7=:~{}M˷Hk֐Mzk~NF/؛yٔvߠw08Wӑ @āuP<;G:^{nLN ʅ1v;PFI E22C֨ާ={A+%]<<}d4!7!PF/#e~T#t`,COE@ӕ0>7\˒6szI|]*B pwhr!o-: T&n-5s1Z\͖ORu-~m(%Voܘ@+ۡl90 w W< I*dRb TA" ]u @uXk@&jD'+"5,Kڨ&5=eO,cɀ!s@Xձ2n0j4tً:(R\cEPwr3`Hc);A E A3*ǰ@JxO OrC]FT\YnC !e_'6Lǜ*Th2Y2_^-T-)k'jۀpL[M:Z{^&Nm20'Ȣhd3)GE,,L,C@]>MQ1n tCtxn]Df#}`{E(8iŠ#nEaΜIXT6b$*~_2;M )' BODE\v EG>8;4vwu γ~;o$t,omMȕYڧ-Y.w^jT>TZT tf>;?{@;dA7U,d&֡:.P9}H%:WrBaUMd1'qWTe2QؔIipO<҃F̝0mNoqm+wf:3\U ] hHC]i)y+Tכz9B7Dy)~O^c%0c#8VkG+nSU 6QM.EboȖ]mZS9 p0g0~,fQh~"}<HEIτ Pɫ DH]@xݾh!^2OBOB4?-(MKi~:m [ZKC2|.X˸-"S,`A%O8@(sd,"af+ Dj}ƐL4MC4qAmfBIr"¯L R"Ǟ1iYG1S-?qdIxҰZ<57V\VK:O1V'-@!֖@"Γ{%pd"ֈKIKC=HsϾrDdoąm{wj"UiJ-1'oIkAbG 7 Z>M$ )|IsYa9/܍ZD_DL4qxD z %L<K})DuQH#xJjCGCw >fZuK/%ފxGc#w/g!&^^{Ki &nN4tB!}X@K/s'QO[{9$~Vszr){G][/fRD5F ~\"8UƁ`oZޥzm+~ONPW, Yp+'` DƉzbLTTK'ԋMPQ"c*/!S$fsw?_""?kJc#)-L[Ƚ <=r$R^(iwB' g!CApXsR0 [òL~NK8[6 n}+cI 3cKmGBmPN+ 9hCN怶#i;P#t|t灶jIY=Y+Ceֹÿ{tp;]76K$M>v89.psmNGi-:ɳuo僝csεAα6k僿\u[@bg#8jC͵rͱB͵rp~S/ß߭Jy;@* b#0n~ %&`R`(M$؛zB⭼o ;6͵}-uKi) ^CKUi: D%2D0[h;h  y1 C}x  QFq3!6ɥPaHPgiY|ָ ـt1bztɯ+&Fp,ae.ȟ⤨T ʊ \PBp8#SsM$?XI Vj5 3ЧkXD"+l+I9 Qr™#!.%V)rɈtjnGΌs 1uV*rPF^L LlLghbBGSjs>&5ИR,JqEcmAǐ` f0 (:| d2N6Ix+aе‘ipp(7ʰގܵ\ PIX>#AVt'(< 4$*8U-1,-kk9lqUm=J+i?b|;Zg3C@RL["!P52H*kзkn4`kg!d-F8 7*k;0Ɗ痈!=!Tƥ:D1yhJ2&1v5rxuCb `{tA7lݭo?\IN=̡N2 Ąy2 f0a$nar[s L GK6ckoÆw-%a)M7;uBQN[-eֳKTIݮL1Wkܚkт[вvG7x s?'D`[к>tInm/&CIǝ9/,\|.fWGSZm$#i/hfi0?f;R{px 0.+Lo} ;H2!}=){U3e|mzEևFS:F nCo"<ֶ9r@KJsBSUN.ȁqockrT٭!!Ȅg!biu~$+2:=BRfW(k j)n L`@Fzp ?4 J9 A7ސ$ڢ@){!)v&2pwJd8_G#rQ'P5E`|ZsE6>f@Om{0eYC!Y{ uKq[`ϧ h@W >T-uRҷ?=: r-_#Y ##Jʸwh[yig^RhU2g@| E*$c2GTTZ͢j˘JhV?z3:NGVz>h f& DBlJ,l%~9nEO:RGA@d! c/;z&*66)e ]dCs WnӜ\ qZ[/ in69y渖AДS"iTÉMܬ`Z6ȋnO᝗ΰ%;WIܙɔ=m̋̉ĈwjO -V;bƚnȮgdߟMEjyxҟ> çɧ>?xG]c^4:y}iӫzEwνGSS]{>?Yl _>yf~zwh}'ƣdژD'/W;y4||tuǛxxٛޏF]ɼ}ydԜO=jZe/ǃ'?:<}^߼Uꪾxq-i>_^^}|I~y5PҘɻO{<XF7׏u,߿~vZ><͒o:/>89$'4ǵ/O__ 7N;//jޏ1|jNn/ONt=rKWf?|x]xP8n>z1xQ=yrm'ϟ?xzy~z>8Nox,?yˠ٫?gŋ٣nɳq|0ܜ~|f~cɧwO߷{[/>\>2>؋}ǫ/Idûqۣϓw ǟW|^\=^|~k?:|ޗh?Wc߽/;Wokyr\}z}իGZ'׮=Zo|o<~iF7^]~xueg>wq5 积z7in'?ލ0+u Z>,M1fq}M,Sl0z>fԏ.߾m=-OɳַOo\ ??<_/oƝՠ3<?|2{CgzHC>}y}?88课>7;}3:}zCVgǭ淓Ay|~տvxI;~g޻輶y^,9~C[?.~|?z=y~4~{zgMryם\|jgex^7}}U;?˓F^٧rӓӫxw=|ub7:̖WWO.]o/qY-N|9}՗_hݘT?] OOOF/קߟ~i]}y9! \Hfί{{ݓWˏ͗|줷X<|6{;xcˋO{'~_ϏOn~<>x{_?8їѷ/(zݓN>}x=~p|vUMWo_NNNOh>~7'_v~|rY?~z:~~/U>zp;7|L/'Wыi|=~36WO./{EGrjmՋ'o?^_ 'ǭ7'W?NVgyNZ iMt͸qVG?4N'.V |>}޳ՏOoj?ǏW>|~rzj=z4o-|Vo^5>~~wt\|ߋߟ?꾿z|}}yjp?jy?E`6Z?::_|OΛ^uyrᇓˇ';GqLJ'ǭG{Óմya{_MO. k۰s|AxL>=~g'ߎ͇+r>>y3$o^o``>|HY=t|NjntxwzL:yY˗ooqiw*~>? :w'\OOw'/_;i<s?zX>}t>yy|ٿhQfMB ?L0m4 |N~\tèMQTgL,,ntN+UZZ͋CQu|/_G˕|M|4Cu7_ LYQN C-B_ˇ~g%'Of<2y"jT <ůf(YbҝӿgN(񒊛W>h>׵^~[kO7Gg7_j{*7.n~o%UfG_&_q|ݹ?<dz/^x?l/~4O?{S/G;?8>O}j?y5~{Yeg?.W݇Uko&W:Eqacr]lV$׵7O[7|?^{{߸n_~~u~j}9\%WzgjgqE${cs{śG7_X|i伙\?2z )>~|ד3|h>xU{OG_]?;W+y׏דU<}lYŽ'^}~?~7:o%=w7ln>Ͽ}x|}E<j~{O_=toѣ~1iޯ=0 >V}}qylW_ɼz^f0W;6xyy^{0?&7׆G㷓~r|s97}Dɧ֛']V7ޣ&yn\z8wˣd_FWm]/_?FƲv?JV7<|5bk|!y{Y-y}_}>ΟFy \ė7/^<{yy?Imgߎ^>~{X~xu}_.:_{g/?>x:IZoo7f|7M&{tz1Ջxy\m}v/_>~}y~ԝ].?ܼG$LJo},yIj?|v}h 'o;'_^E`Ee_^oN<~Gŋ7WËWpz}l~h}q>Z^~E7U#ɸٯ5~,?5^|8ǧ<뿘O\=wu itعX7_hl7.g/^zo޷ƃ 2DtZ R>@ro׺I 0P3Pʨ!lh@TZQ >E3RCo&P!,0I+UeW2)5 wK"X ,"*^/8H˻wGF|]/WQ2=e>"{]^4>K$*{bȴ(0Ẉ-5(XFvi3hrK/ @)X JWڰ^[Q]t]cO%q*XnalQ0'gW[$?ƃ8.}&wx5?h?l|Њ>\KJwn3u{svhÔ^0B>uXʪFqV `'҂~L-dV;"XfꩄX0!MaGGDݳ`e҂[Rҏ,fU^tZZ8h ~5$I5t ?-"Z)cz3Ie+iWm al" vP̓eY.3KQqrXLQl$桟Rft2.x5$?6|m|Z'a\ MX1oV4arEoI}(yLYg"h?(K:O&bI>93?K4)Q_9dbWZuq.'x=6t[ gi6XlS!Y<i})ҳNsa]qvS;-XK 4Rdq4fg 1s&VS]Zie@hoNh Ȧ{DH(:5}0 qHiGRܦSRV-(jPz5(V4kGV6 nXOV(u(B}^O$#gEExY[X {>62EX{,ص.Z˜nBnjRn&0ȯTY0vìIr`FbnUT"ǿ E/}|7n\ోFU:~S]q@Tҗ\DǴ&Z9np%z}y zx}gltF[BQl:w7NgHkRځ5m,Fs緹z7YܘߢݜGw0JB)0u!h{nHxƜ/y:2jw%^[*N[Mx`sNߜ6힗7!qil5YXLm7r7*4$^&G5IH7ɢCA7Z%J*If0-#o/ByeQ_#c d 9Fʚv97huX &*q7wOh2we.kІ  IFTkȽҜF̀]Ny~4gAup@4D !eC>RZ~eKYӊi\7aU>2 56 cyqFk/&cLgVJպd@$2hPP׸Be9Hd70`Ջs|΍>->0nQݢE3w[ZϲdpudPپs?xv[fSol-Z ?w5D7RűWւrI^™vѷ7yM'] a7HFDuu#^ፌ,ҖyM#0EH; 3(&dQQiM#D.x75w)ϳ&q^eMRpx#Q-9X UyIfج7CŤP-A(y'R=p@v.@ҒOUӖ XU 3a@Us9c!,x).)k/^9uQyPn'$h#q2#">BoX[8!?F>­d@OEY`IPԼn HIbaJ0`mOFLz@I^ (ɤi7G])88a3R XՁ֝秊{$~uQo4]JE@yOY-_2sVSzYkqgП4 /RoJs'*{4"]f\}LFl1\po],:p^a&:d_C }8$=32.q7bdqm*Bfv.S^x(f"c:[ wZL(G[ 4لs>P֙l;!-烩AHBdYP~!VA$;pmRX!U(m@4l&FCʋ[&%7 %kl-m(? ̴lj_}R*ӝ'TEV"(A|22ƈ#=U:UYkAʕp4LSILDQɇܧ2){}P?Gۈ ~P S! dlǐkYWyԴ-l2\Ѕ-w ۪ ac]oTB1 yUdkSMOYQ[:"6D:Bk߫pLm9$ :C Y()3*U[7Hn?,N~;"UgaWU"n1]W^(B/-'nwp&?ff*Tlnvo Mho51NWɧ%-!ƪg0P||?ipdӸ뷚_O`8W/߯C8!rVL(ɴQteۍ=niܕr_,}MKe#|nVdY*Vt9ɱ(C΁W5ZC |oϝ uell-U:O% [![&憾=2C1 n)e3 S[yvY7eڰZnFvy&eZ[hp_Gu]n]X#6~E>omUЎ'?_K)0d1?M/ne%"v)L lm8)v6.ێd l7J/ y燤#::[YMRow7n?94t6Fq3T-boa<)y)пzTdl+\nJo:^f\Cġ h1 Ie`؉焇&#<"4S/{bV$2W֮A6_HG=/msa҈ %Ch" +gt>5sFL{*HV2*KWF3f a~Ԗp ;+T &C'BX=HVRV`Bz@⍽q_,n)#|U*`-#^ō+ͭHX@ F,5h ~r SBaI9lVoĚg2*ʪQo*yTm\:shc~D"g~L:\U˴%d?NJ;t"ZH bf˨,p0`%n adgCNY^~Kyvu;Yː ^Lňd&Νj @Í8W WPleBee6v4f`3`›. K燝69z*Ly;/ {czǻSnf*\R6mnlhъI4r+YS1ss?ysӥ{R)0;WFh\';ZBqvԏQŽF$f#\v:+yb{oltqW\8~QWg!oLū]Zdmj찙i0G\궢],W~w):<]cy S`T-&0 w ǢX_̔6Wg^>A e;?1؞^\݈gGd!=j%'LTFB?UMfW*t$K>XGx\{5]- jWw|{wҷZB~ W^^1~ pMhXl <4y? CH}Aݹ$n}sG öOSnqaB?_}ո %r=<36atָ\TaccJ Kg44yG+nX{րFh*mܘEmhf.CPIx3 x>2sVځ4|Eghw;WHxWm8Ѥ7^c"Iũ>x1H@k4{1Z{|e٫c9.ŝ}#,rPe ⧶bfGͰrOdIu=vO;ijڷzr /Og9W%iК(v[uvR tr.e 5,3& lUXԉX*s#ky 3`?[%F-oɻ*(,JeCT_ҿ"^ &T*~guUe:K&%@hM$T.ֵՠLN'?-ð7{r<^N (/ U{)a2[KR^+UG5C24|4e)a5Ǝm *wE1`^Ɠ 3iܵ[Wٶ4*׋BX;W-,b*7W\#_vZUrxMu!hj/Irnۊ8ѫ)5 g,˃D],lZ$EuB뙮dz_$@{"mU|\X+-&D3{5],=W3 諕@+DLw-ZP@^ &4h ZÆoH Uf֑ ]+DB[!yPGۇj1#Ҡ:";cDIByv:N#L-dIB7 QI?Bh._\<&ȥzd} L\ڻ7ׅ`U&ISH~Kz4h6ݤ3v))R_RުXБAeO0"MM'  a[;6^KxH=G>Y* {<-_e!,Eṫ>h̓$>%([\9-Gk]NW<1_<}rMvJ<¾P'3' O?He4*C-H\V+ZȮHq0ʪw =gB NypdlaiSPF&|+5vkYM}A*B茢#=ؘ`)<0 )y^/_` kQͬ}zTLTsb8Opzx8F'fϚ{0hvG<pALT-XG7S?PHp6_Ho&:q?im8(ЌIw("VŶ3 0+pBx<„:hHKSkc7R0F.ZCh>u iKq2Y_YHhAHPzGTT79l>B6 5Wqp6^ANnBj.dO8KQn;k6( h$9k.m9L* E(m ͶCU씶[ Mzj ,J(nM|m0õ4R:҅28{#Wz4*"$ djdu ks9f?i,T`qR,MyWng ai^#m=HƟjOjw~(bY*pflK:I9f;ʊͩn}:M{[=fP1Tv ߾^Հì7PRJmWmW/ X<%JK) T~Cn>/9:%cΤ/mu-m4)6Y$d6 S5'1ZMj#LBz=B/qƛN F&?v^tIӕxTVdԄSڂPM]ZIiB2tnxmZѨ]`NÝZg)X TM+-VԒQ QdJ'J Q'QLF1h7ɢ]?׽t Bd)5}yYno9^ >exZm#R'F; *==K7b W۲V[nwȴF$쎅]3) O gT rŅ`sF/ȋ?(bFwP"=U/b!M@z9(YrG21Q@[Nbn@Om )@D>qӘm1}1+=۳}Vij^ՌЉAcϚ8reE*r4}enrQ+Ko\I| xv_$H#SW?ɭx5*4TX]`d `TVubAI0>cY4[Ѕ"C Щ c0o(Ũvꋡ =>3^d7 m87%-'LДټL11Zే7 06/֕#.%24tV@sYBG>ľPrFSflQy/Jq]ˮԿ =@w,ϥp{uBnu뺁v뺑uuu=뚯ik\ 뙶:n#2k Ƕ 9)OK[+"_$zyBS$Rʄv4ph'BTN]P9:e,ŔVqyC(7Z$,12K^䝷 7ҸI%e"Yx0fKRHiF#Ys;N&.8X"|`TcG*XhMMd~mS$ޟR"+@FѯMk9ᑔDOI]@HtЍ]A0ԡ#JSv$cJ""'  3)πy\ؓ̄ OsǨ;iUdMߋ]"X^{ըyGM7?`ok Z 5ȮVl[5&ϳO/bRƎBbL: REaL6#WPLΧN?bIx'okl>:Uȥ6T%pvT*P/ 97Y Nö~$13E{`qƅ =@~pPC9TkEʛo;+{ iNoXMV-_Q|{UWWSj_{׾uPoxW_k%'~կTZמ~c5?ך_ ~ԯ=k_]_-dW_kg~5ԯRԯ}y[`yPF#:sR+"tyHTAgU95t}Q)'jj ,htY3Q5j&jʜ˙s".-|AKıFk88 wB {">R ߛcHXR+LD9qDYV^o,h&Op%dV]Y5Ҫk#h5" ZtD=&lfKiU@Rlh55Z͚=Rc <#W3P}"4pcXCy1|8(Í<ÍyyqntÍNpCunu"ᦪ7Y:dp5܇an}Mְ7Y>Լ7Y8gpS%MpnyMVpnyMVpnyMMpFfnJfniUV:ҚY[Zqftni ̯pK+Wyz7|c:7֍qQ$y!|<\F:H|SEMUqou&k7Y:d|5盬ao}yqoqJ盪d뀓Nppu'k8Y:dS:dcN88Uy';8Yy ';8Yy ';85Nu*YuU\Z!KkfpiMV:ҚY\Zq80.hpjK}Bb깏1E=gZ3q8.(Z]͡USaVzht># \xg2k`Сfdt6/qV$gbZ#SnkCaliYAy8k2@;VfeQ3ݐ@%Ƣ\-w<R߲`ѺBFEFa+б"{ixɐ x N38R͟9F\1 9adJJ*䙳oK@xP b% .RZ$ZWh 6qӪ³"p/e:_!zʴ`cBfɹb0T.\Nx;IY=*Xn11 9y:fX^@fDP:SD҃BW& -Â3 Wb[LW{,Tfdނ 1ˉw3lɥ|9P u*AfQuiܲed 4۽Q!^k$dtߎ3:M^x3ok7+kbyYSP/)W{$;8 bJ+V`例]nhM61oxYw͊uXtX 8Z/jSaB r$5P[e!@V֫#_jfgB8YОDġ)yg 4):8qzij0redi迯ƣ?l+*hE#nTYj< q ʘJKPY/JFrh1BFE93mI(^kޡn=Qn[=neOϜv/,T hs:y/#/Uy*$[p$Ȉ}ךf]ņgf>ye&pdN0\0`=a>qex~&:N>j( .A 6]i =`r%PE,7H955=K(Xq*ܬWS"?O{!qDm)K1iw| 裍pσ yoUɇ sEDto B44^}d%I)w(E0:kno wxnFئ()~>+Bb5ߗU:IB[ 樂@^)maP6b©`c)SqchJ9([zЛ[(F}/Em ȏ`j), $N'4z`3Q[  5/26By{k7vG}UGuLSA\vN7r ߘ"a}SjhpqxA5Izoۉy61"dsZof;ێ!QKLƨLF=oFA 2"Od.s'֖/YZV=Pwp TYK|]I6L8kAү|bk}{t<賝DG?U:bP( Aq7ߧq[{{'jOu &{YoB!~n}%*׍xlw0RF jzU5.@ZȬޔC/Xj#frIJRP!,MQIc\  ̈́ޘ%r:6YmiOFpx3YopsI|\ABX]ݚA4juu'޺ZG\Yv-]WO6>f5cڂށfN;p+DzCp f/27,v˙6ǍW7'n&+`|6`\Xo00j`YU bְ׭G4?*.ů/BWSNˍ]J2!V`h!2k_5vJ{4q\;c@uyJ(9Wܠ7)mٲiNsu%ݛ0}u;@ukdZ_ "%I%TvP?dw} V}􎑏nM"^~qo^nRxkA)蚦-bJnW|1ytytcleyVԲ"35 OfϤ9e׮a;wwS|xv8^9^9^9{jȮrqq󀋛sa1qD @x3 0#tjoޡF>'3{ocr4l.z;9>]&DWFH jtq~U\WDx{ȭi wϋBh 纭z 壹I",1Hir_1q<OxmSS ?(^ǾE F$и  ש+#j /rҕc}J[։}:)g2|Y1T04LAEj+;lṉJLlQ•XNf/Ό`pC6ziu :ک0:'oW&J]®a~z]ـ{m~ ~ ^mr&3;`~ ~]X Lm^]Kkw#,I%W{]}~"[~/\IҒ9L8].8ڰF;?D6f3{zӵ?+k:aU͋x v5]=j bUCF,}oyh Aðu6+B7[F9kP֌Ttf 8Ub:Fx*)⤃b5<5x$}a Hƒ:,W,Lx7kJ;U+o&X !j#xMQ1▘nXq zMIz:D3ʕ EΫ FMfjԌv4,@.4^{n{~F hK@)WnArjJ劐?֭OӋ؛8N82,bxt xYم%.d6i 0,v-@(ּsu7c$j\_?@nM@.2euk{oxêԗBu_r CLAzx/`3.w+vew(5lvZOHi^Ȼ%қQWq,F\hDSk ʯcͼyugc XUרɄwW8l~|OcUIRLRrJ<fL~E-.Oi:y7hP oX}xQxy/J*"ҡ:QuzRSgQ_}-)bJя\d{n,gF6;':ҷ4o,-Q}@\y^$|򻮌x* ~ݺvmz!9A.gs'QʴCQ u=]\)P{Jw޼r0|} ՉnMBC2B|W* VVzy.R-/ɒeWvw@4n>@4Ğ4=`%Ͷ{QPF>o2$)$^>uF~v d]R5vzp@LVLDzWe;??ofw籤<%'5x 75u' k9dMM6(Q[[Qxt f,"v *+h&iARD&Sa_luL/}%MLzl^:{h-qkWh铈}y,CnLkv/CIMGC]ZCPlz_|CȕP!rWa?g3QxtzĖ(D4k;ye#%\ n,0S̺QC 3q3V'-f lGB&vJ2 >!ס-˹Xyb>b-V4`?׈Yrqػ2"*;4yuy7QܤWqaX*#ϭQծtۦy>ŞёtFn5j<l? @ZD6k?ۄLÜZпpE<\AMSƒ f-`0,>$$Jٴ!nyneٲwC`S6Օb|l~W;f{Wf]"Qtq={^8$B iA/e?B[R}2?^ :r' B)AiRY4χPk{\ iCcR+Ra) osժ`%+ihuX$:,q'l u,'m2A[QO&}~{Y2Bd߭4׽w+IδNI٭<-RݺLQZi ,kkh\g$:- ^X]t2ĕYRKyEuc mm篣%W */n<=gsn77h\7|5?y{|W.t5lu}mv)|6+WDEEHS^9-S2^xV 7 |J1mGPU;AmcFx8N=տ<&g/b_5#u3/{ol|ԓ8bn$zSC- m CG\>g>#Ƥә{Yi =*ַ?Ӕ)ŏNQKwscEzHd#}lFW331D8c8I%utz(,QǣK.lM7?~ B =v㪝]83Hʺ%ؤRmRP:dXDR 9W۴]l[d`益bI3wQiꇣ2j\oj3C+Q.xaڧ0oֆ m0U HsuTL46wﮉRsz,`@WܵºܰOlĚ(fU%ۉ bqkGtcޡ]lż1&@K;5+H -" 4LؽV+1(v.cG]s7ME?X{7oՑUS# AҦ ^ ¼d-R욹1(jRo(E( >AIx~ӝR"X q, [W%K4[glֽ|msȱZ'#Y3A+-1C#r{ WnxXQ\σ ;S'm:P1OEfi20'HS~P93zEUk]gaT 8⁵|z~*D6(Qϋd1k{BԄP 2a&S #4‘rQBr+Ţ{dwpcs U횑3p$wᣣFڳx#M!XzʿhFR՞P#`CKK4|ńٴQͪpulO|l|c!K9+SL5)dd7"^2,.^r1?nwo_O" - c/N;~)2ƉQ{ q1D՚_Z|elj_"01$jbPE ^IVO?%,6 $.M޳t8 πЋY/YMj3Fz&قX(3@<zӇ`oRԁ@о{zo4p59@\dmD(!H熮iWm_.bZvjI>yYCh]+mo߁m0䳶}1A'2z !ѕ&¢Bcc XwԬAa֝sI)Ý8 5Ku' >:ɉ[/o%ӔgO$'S oFYN3 W4ks0R%jvLzG) vv~GA<#XݶH31X̯X8݋;ɼ >:݊ݹ,.e&eƩ[aw,۵5+÷݅6AJq!qsG9ʻ[Ad9һ B#tBߝG, [}w.0ad1yw$c} D}چ-}hzp{Uh}%xjU% ޛQUDUp]B|" 'KRĽ,2e]eSWj;1NizS3Xjp2h}Y3^W 0Ncbs/BTNTǭV~j_H7Zߵf~*b!էL!D!t[x )"/ <]Kga_p9n /1y.>x*^|U뚠B<~B8܅G;+ Wm?Am<: ʯN-[a%°4BQR|-B}R$wX+hQm!jIdHB )莐|FzBqpllDT[q|T3#NDkkE56Pe4%9GSJ\P#6e CL/ҀDk(MI6ӀtM]  ].NM΋n/T]V[+!5Dз 4ڟݜM /_,W - #٨jϻAFX(՘ $tw+6y }CJ$^L6Kv}!Lrqm 6!uW Q`#@0 t F/VFz]}Fq&ؼ4iVSSׄTxÑ% Wh ZdX ɴJJbfiYkqӹsմl`%?Oԟxͧ`%<]@XE3  uxdA#UkaIJ=4*Z12ž9f:O' flMN۸5,&Ґ Y4m$/_PyލHDQn:sDHquF>+e>I ߖ&˹=a&iN/v&jSX/Y%fPy*\z"@0tl`F ⃓fz1CAL]")W8౔MPsU С{]19y'rtG=!̜D|;KbvhvQ5 vk3*_ !Dߩt|rkH*@\XCZ5=%.чŰ.NjZ燇 VVlWy?W:*]sYYø,YUYZsL,^u iłh<A(Dk BlA3vP0?uZ !\4ir=5E7qj7[H`.d,IԿ3ܡA5`8@Xgn\ TSFvr!% M8KBX+9t124Xxn Cl_iJIs?u~ZS̼HTj*:3!1nZТu޸H ,EfvڕCWP%4#M:JOg;8BʺlM?W"rk_?yd0֛xԱ\@`$ZJ& B搪#'b*mkjW{2~3jW!ȹi#30(Z_)B _zr2"{e }K?h_jm?ѩ-z6;gSSI2RWQ8yVTj%Εʷ& |0&$҂0ШLX=0wncX*[ikr}uẅS[j^LNmFg'Zzx/׊/}gFoS|h; %T:E$o.EM`K΁Y> 08FDڎIhJg%UnMQ0r:!(?Jh"Eo<EM77jxRM$_$;䝦2OfQ-_m 67)nK-l} |;FoTѽnם,QAGIrzz{:99AL4rVmp `K[p.ʪǵ,GQ:Ίզ7:i6ёޚ 2t ǧv4H}LYVfhnoh>U7+G%ʻ HcЌ\X:cch `NS18wtN6Pa9y܀].]έ>RhEU7O~H30 "G{3/VR-.HƝωq1zDlJ .I˷w5u1O0ް%BȼF-;4]3'LQ)}&4*︙*<>۪2 -Wwߦ{ q5]g 5sfmP4~EZA9thcϷ)XP*=TJUM@RCn(t.s4SGxJ\nW zuLY. ڀ$~Ez9O p28.dO `h>5ON4{xiRcD|wB-jwg5zEhFhcADCc|Ī3]]oT݈2S+|G'B>EfF3eѽJ:;r.4#E$~XebD߿NL3%)8-!STϿgf3"PVrW.Ei⳾MbZПVzKg >7 z۔qt?R\e=V_q|o4Zyp+HtiS4ڼVpm3~Hm,x)҄<!)rC[NR~s6OYJg-}ˀmzOh'ftAQV㸕:jaLd}쩯KKy.}.^ >:43txGVーFj'޺fl"OlqRy5;^Ԛs1Jjz(-nOXA^Zl5֕4& 7xD$uxAnLj1"PK6ӷnHh/nY9~I\غ1|2tmKbMs A|Qk<@mr۝zzZis팷KtS0@SBܥMDݚE` yZKT1^7-tij_l0 ,Ӛ\f7<_M}~'xRb!VNGISR=1nj>cf/ ,W8oxk J~ -E{O@:uY]+as Den3ü%3<8n#CS8ll®Aci !g˨Wn nxIa$eqrdjAh u'}L)#8~ #lY%DOXS< t2,{£ H,tJ 7T;*D=PLFe&S00Ho +=`C KЕlj#B;Gi驑hUs*֐ }t=T*hanyPɉ[zYkg$" ~@xP˹N(QE,vMȈ|! Aդbn6|L&M^гtl#PRMB["]IW)&|Vq<|ɶ3"@K6mc8b9N~$|$KRb" (i+@n;D4&3Ryb_SWmɫF#LEk͉-ƴ[ -gul[{j` [2LT%r(Y/j/v/څ~zXΩ&wCQiReԼ$䙡bC`q\Yq< Dر3B7MO8lAoImmUh++K!q+re);$M*XYV1~ f lMPpZaNO59q4vA@(T/x'0_y+t*! MNs]4< G%Ji7kXYV} P{#X{}:RkxWkKgVb.Xwte_\Zrv0A{Y!a.H`keX7]7"ic`8"}+s{,HnI޾7w:wD`ec4p騀*SuSJ}v=>L(x-=|{[&qV շZ!hS'0t36Ǩ뾱l:%͵ V^'t~l'l\P{a&Yx~EF_1cuRUp,vޭ~嵏n",M&.;?wq':-݈Ç|;qԪ4U]JvNWw e;ϸÔ.;~mS.9<]MA4zʿ }uvևG| xGlisݕ^ftZ*9uIVo֐U7x7G؄tEMfq>i<*Uc*i&F\dd7SxNݒ; HdWk)v}d^ Zį)$o^keRoG0,熅|Tdž|1{Ũ'4/^E;e؄G≩ڒ\ Rq{-G =,Ŝ ד9Yi95rQ$٥J~I(׭M;^:gdУTҹtNf$;Hm̞HjKAEF pWZAFηIzʻFHͰL&hp-dg )!8V cړ%|D< nr{*{6yz9#sKi߂&XNpK R2$tR"h둁|lQrUͲp>R~^Д*Nh2lwk&Xq|k;ѵxtO3ֺJlV6Nܿ-`o~-YqV4lvgE2@GMnىpm/l`&&GĖ!}٫ §>\džP7JPkZv>-{KeqVşԋ:J`*9G%Z5pJ[I>A0D#=;!!E_z 73D߽ݵsN8׽[g|㿢isy:JU*YJصyإu?6MIbMN\YqScɺ;4>w;ӭP來 =(mxZvcӍ5,"' G!9&%H` (Mu]^*WC{[h0}N}}WxZ!8N\tZ_@I "Ýyu.bgǿ0 ٱ! 9=tꥣ8{Ǜ ͠ r $QN:Yrȉc;,T V7XGL;)7+˄ڂ 2:tt vEfGZtn"ay#64߄Mxo)06؊و6bFg'}to6_ᶾTy96ݖ*NoK}::{[jz72omKԶ?;݃lIe @&,T] /RM;T߃4~G=hn"J7zϪKw$iglq N&/ x>/eRpXB].ϔl\TԽRʧU\Uyl9J>.<~W.ވCюQU}gy^,cw̙vkA >Eƚ L"a[dHa;Bͨ/xPYMAn_yʢrgge\D'6Q{U&oć)?+Tρ\IZ:q"Ch$t"Ng){m>SIEI{AA\sz#OU)wQyYL|aIȁqa/$ZxG)=?Fo9*\| Z}SZ.X{&pSǐ"խƒgE7jOIVdqdVsYx5"/B FOEIǺЙWI4nŏ YQר.W椨4ֶ6DyBaTbHQʥMzJ;DDS9HZ;JW7+d?<-p}p%ץ]d+sbWGlS u3+^o^#'U}U\EGi~ ]h\2dBnpWRTm*E\.T ηVL\cdcldxg3Q2+%E4;.0d AZ./Y a#e=XGٿ3~I=sGr;IJXjZV>^:(rJ% {NxMqWJzbϦ I{yW`B)A0r/وD@CqA/_yֆ7he<8cuhUф K#bfp\VW3qjLVߎl~+1,'C'Ԯ3E+57bwm1K:ʩ"gy+?Ϝ`Ӫt捑p h!.BRwJ1K+KgS]1mFsaBbSeS^69FY+x ފ8ݜB6ᯘmc͹x쭵;>g"[9͟Yvs7!(4T=^qiܸ^iq-*Nk+g'8q5hR_ceYfYX] ecevM3K1jupg=pQ[&9+.ҜWWY|X!ɛ*`K&Fqg_5Nqi^V,Zg.f#OC؁[qN 1΀L.Da78)wN 'WV-keD#C`] YԅfV{u,O=14yޗ.ɺQMBTh`Yvc.b egQ:fi BNVyV-AwSzojG<Gwxb)kYz3@,yVe+%EDt}dwo-~~uXUZe)l%XZdSu]ɿ/:::zR$}jJIo|~Aj,NRuػf]-q9~ХC._o5~=|DVB @/H33k#N@͚\4X<>٨o2tklGmdt$4H(G˲vڴ@5xy~y&lw.iH[1%x}P}It֭YJ3Gl{QqA]OoxDS{`XFfg)'E,ݎAm^SpNÈPsk]C߇+,3YoSϟ9$ [RI4Mxcy$CN'33N,=ydS@k^!Z~ϣ16SViu1Nm$V{{ u 8] k=~Gwtf E%ߠCzOD潀.f8#g^`պi+:Zwa6-1KLʷGJJI=SzGϔJ>( 牋owIh ő9|`$*p^Dc3MuyzoݝFagt|s<yՅL,BB.$dKN&y"-(\UK!1`* >~|TˆѼN/P=!ŲR 2LBŎRPh) sn·HH5m*."`劏<l_yH+;؁ j os\qpݢsyK7aFi[ h-BM܀$iCnzk_ ͜^8eۉ{Y%k0p]V;W= ;P-QL{f|Ew{OlZz7rQc쑵oJG0OՁkvqq(kbw\yUO(XCgBkj'1A/e )׊ޚf O@`_[U[9[@|&)Ig\zɕј  :Q;A]{W?vp5{a8;;Ur r'sP>.ԩ7Ԯrs+:]8)e7-"Sx߂Ԝ[j^e?(&֮f:V=6**pu )u&|\xHw9dqc?@Mc7WPD'Fgi2,.1_h(üG%6'R+}7dPbx26hg֗w5,Sk'Ca0{A놣0VS0At1 ( xϹ8rAMCЋN;5 \o RmmjP']4P_ -'5V87m"\cց+"3b kq7EKZ*5ɟҿt-K1ۤSu;o8]~h$QGӌ˔‰Ap2pl6+Ft\=~i *hbwJ(uIemI us6$p`"ۢ't>q,F]GAc;h;h vcƆaw|BC;dCFsir(%lW\cGɼPT'6Z%땋l_O}Υ* "Z;$/+PuJ^?ػKoEبкc."`䛭Yz])MPpaRS6gԎm( $r&@EfE:6/3 [yvu5xuAt^rW.2^[{<|d};xTzXls=#Ҏg.%1*jWaé|\<@GCEFB8ڭh:!ڔ/̪'b٣0CEZAh#Xe[sKg@uwdS5z%\Ȫz&U}HNF!IQ̠ϛ08c|1(pЇ8_ɿg`gLE2 I*kb>IO(~|`2"3xeyj;m0󼘏Ó`?;&T/6Y\a=˛5_&оx F# ~k~xѬȗ#h??#F_,(e];q7(s,IeczC#ӽMOGc*"xΩd+QU' pLq`Idžw5=n{kf&=f6opӷP$π}wCk'y١p⣏> "l|?W>*.i>k ^J?gƿR}^AuGDuɊxαDY|ŭ|F@+$J?M)qoFTOqy7U2)^ſ|[7$*EU9e|(zGGO//w{/|Oçuu|û+?lxOx1_)K>]`=~bї1}Ω ܜ#<2_ qr\ۺT 9Xo'}>^9]xMd?}χ'`CQI~ y'i`*K_~1FPWTlGNyxzzzvt4'1S6 O߳шOٓS>sC/>3q+x] u'~ ry봊uQ"08,20"$Ul%,$ep{[yTm` م:!D&/3z[#+UO֦ NoXpg"q.ʔO. $,}!;urySM̷-Je )Xw.Plolⵆv%X{"$hb22usm7J;'j/itf\ngϬu(1Pu2Ӊ52^g>WPiDsU1GIWwN}PBg{{iRq/Xp H]{ءAge7%p~ჺ- 6{FxűK}0x#:9, ujMy/^$ #1~iqbR,>)kZ{559r<5H΃抸lC2uҦDO(MMDDԩTȕ}!5CfpZuHܲrJM2^d^@| c8+,r~8uP-DM1nfʑe .ԛ{|yC[rAzEc\ T[eOrSqrIs1_ }t90`qϯ^.?U^By6}dRIByjڡB;,)Vci$P**ğS$^+Dw~Y&Ҟ #-ߧ\KjM~vRأtB%ZTN0`pBglgӸ e5?Js0v2fؙzY 5C9.XYY^,ߋ*Xz\(Y:㌒F-%X͐p6# !;8f67P(N9?#}`J:cgxÌ%)MFgw=rxk(H8*Q--B_R]G/̒ezr9$v8{{j"*Iq6G/hK ߷X{/&"F02ϳΐ89gu ֱڪd~:(t?(dZG!߁а4x2+L@(;80>~⺾Bl.o [ʋZfJʰ&k uXNmvoeD>5TOKwi24K Pwy"6RzWqĩjئ9O>2Cnj?HZfGf_#Z+e* ~lpmnK#ᓸ`PA-kNs=afpqy.O^i~28z,+A]΅j~}fβ+>uV/ל3K<'ak&E%'\̐k榪LLy7Q W/Z $mAHC˻{|:P%~@+K1K}WՑ/Wy8«ߺO2ֹ: %K$=1]USbIl ɟM>iWX|k~!1ϋGㆣ)m a5u:;h:‡cԋĩ$`·WP,,  MPB ʝ:\"8H{`8.˸j[ދ?õi/xʞ1cB^[XZA"(M5P_7{C1Uuڞn &R0$@|>*,%㭹9HUZ'}ܛM=ty8܋GYqv ?F1txqΎ0.G0F=!O {|LIݛ4!4*knOGOΞI'{kA^b*UZ"lD=O3.c : z;:wqQiGU=0Z>y*΅;2|9 R #Y.y)?XRcS6?>9?h'#~9eCC@ cP0ٍ~]촋v.vk=W#L '=ղ^C0SoOuRҹݭVo_7M2k{X\3ᷯ6߽zFѱZgΛǴoNSQߎJ'8!_If;µV>u.|8hTڝJSi?HּƷfEMy5YqiYDJ&"sv@:'+N]{ރuz5_"&kVK3M/=ppLBY/h4fwNi-:nӌTZ?pUZDPlbCѷU\C`,i4kdd3ӥiPerP z/1a.zVK\ ʦ avߝщxI礿;!NHkq?9t'[;Siw*Nݩh?\[ֿsEh;~VwZNowNvj{Nߩ;~TjS[T>۟~7w{(e/09.N);wwwC3mi~==i;b]촋\kK zww~5Zyҧ[[ݭNݩ;5voY\L{^|Myr~ms>wND}Ҽ*T6W4O;5V>`5MZQG-;}ھS?lk@dXu@4*v{RwN{ ,˝(pjO>Lmmg.N7;|tR7/9dvڹ?`[>_vJ.]~]~ݩ~&&;N9SDI*ɿOz[6Ҥszulw "q"F-FX2æY \Pź-9?}/˗SW߼7@fw2BJ.4SwJNi)pEUC凟\|.]&>P>p 4߿usey]r흾wN_;}lZިGf FѿS3}4{TʾSw*Ne_c/KFk?чE%C¦\wcl٤W1sh#ɲmdK]2,@3}d\ ;KMmSwjNMǽ悫WU;EPO?`E'>Uk/LY%);e}!*;Ο|k">wz{g^wzN/^Vǿ yUwQ ]?l}BW_W;U=SwٴwNUߩ;U}@:/΀n(O?`釩!M"vz{oy^wzN/b}Yr*JU<Niovx*Gh:?J߻~ھSwjNmߩ;R/A鼬zyYsC=~RRʒ"z|+%5sbJqrG6?Akg7D|*7EPu H|yď253j =361tPpeFjn@ ͜'̜tgJҨ{Pƥw_E%MtyǽbE]]h,gl7gؗ5/~Fa˹ca Z]0f`t|r0d!CMze\hx0::XS 2 )GbRnX& "UaT.@yX<˫҄+F\/PiϺ@ƽEM*R{Q\$qOnaa%2N_YQ\TӒ4r^i[xſZSFuR-~5)?r $N{ď6N3xQC+*Y'xy~iERZ}! Iw_[W)•|>j.@~s*h!5=1}>N߯ O>tGs_4[xzV=>oSZ*(Dqbq"R7a*>&V`%Uf~ՊGwhW . 7)Ն{(l)eH/6T_ZƪA󗔮c3bˍ|IăJ1wFQ $%?2SgϦϗKS|.jPu*1<>Fj^?RHzOFjGQ$o?z2z q&94NXdG/q4)8YEf١Z Mymjecj$*QG<x2e`ԇ~K]婸'8g3m $zNs7.n;: ȢXWyINx"~\ꨭ.1ccџA$5a34 #΢&{Q>;/>Ӽ,^,W+O9c5LY uR%G'؃I6e B{u b#]p|OՒ>l&5^H_QP5J Y^tk0%_B7{GJS vc.E" QM)*H" ?bďDSXUm}֖6 RL FTEC\™\7↕Vr^U|Ţ( ~4fcp\^/c࢐,%~&`!#L-7sfo"~MH2֝֒+R5y$/xZ>RuIu՗G 4s/ȑ/ʬrXo{CH~^/8 ;ךNI8?ZS~4:R=z?= G~dR w/ن ӳof2IoԒ].&\`t'Hx!M/8#4^_t pas0_s`< 8>B2Ǽ=gi\L{72g¬,j~n77EXc qT_k=qT3`MZ}:TSyy.̋bW\%vpYp8.fqxpOy>mYχ{魔 _DnST?,{ih0K{OIw)=qgc=mu=!Qul{?ouԻl]x`$Tݘpƍ\N|)pM"fX h \}];(0OS>ɅewngQYvE] gqeHwOekϸԚ2VJ~}yMzͷwJ͢sicgYc Lo6- EXZ;|ǂ4a%4{ьix=+SEg07ä7HGea,}Ҧ/S<H*W4D8NLy7QdZ $mAH{|:P%/,6ŗ<`t>O ݗ)(]D`ɒ|O>~ZȒeϕKoa֟.\VIo6Sx)"(ǚ#MaZ6|2E)G /SʬG-s; ;#8}X+(fMҼdr,S'ooLw{^s!:\4``k5 jPKK U<7 F%xN/SpI ev-kŸ˺mZbG!'<:dbQ"V.ˁ!FyzZDxVX[VRnb&ܛçOyBr9! )ڱUۧɓN[xVT;mu`fzqZ~W]kXuT10La)g=: ^﯒M Ud -+Ai>YÂ;ػ^T ĸXƜ8w{onJˆW߉* GT)YkHDlbY#{xc4d)TyatCw.O?m~^ =[s9c|+]D(bqXNճ']iqxug;[,C(`r? U:$_(*KmH2z)߂\ΣGY JI^?̊:Uuʃ#K&(>oGtG=l$?q'ݖ+˾x5Eg]?Z↏y6K gcpX~̢~_ɣ~ʲy4~ϊe) 52(+ $κB#7$ Go1䣂U"{ƿ|(\:Ϸ  {*{ oڥQ[@c3)?:eXW/Y$ȊZ ?檂;,X7M(xP^5^O1~ӡ-cW"ևռ_ʫ;7Y~ 1/Xoc^#(uV0v΅U7=q5N{£9e{|:u`,f>{@Fww(e;!|x`$ ZMeJkվژCC5)Ƿ5ߣϰGԫ{9YN݇[r~O5'/Yݨ:Kv#:g8Z+H8`-⪾$&B{>7" q: ׿gYΪ+UxoY_IY?d{,D<ӽ`r4%/Kܻ_K+ Y<c8ȟj'Qk^xc^7RZ{8ON94BG8!,7ogy2,,p,0- cr.pҩCxg4s5Bmo}JrSeوNp -υo=jn-,|f#g=}d|y\Tykźx0;W=fX[BD+>t?1{>x>Ԛx_1Q;g@ĪWyb):diS V3yҾz/{~!? Vxe) V$ t0> n &8[*13\@&T 6A"3oLf|nEi{96_BHONqrũyoQ-apyH~UIpY~?q-B&6Xk7bxеȋghx3fz@٪q':ΛG*N؈y^z׫xz1O^^Xq#JcΣã Q<::\ӂgOΦ*J|L9d6b#eRrOf94r ik.Ap'd|>Lg1;Ew6MI=8}zĈ1ثuJdȈ67a 6#2RDo9\ z'zS.)SF0~GGgTוs*s(tZoh{5ɔD FOSxxrrp6#PNov%PS)f'A]`48; ZKGD&Ԁnx !q `8P7, e7R0<98>o++b7P7PIattv4sVOOڊy e^b Dg>Ɯ G0O00 7^c9=N7 8>;x}x/k_2bFSނS'ǭV&lcuKI YӓfRo'щ.tyNe& OP>5%r9qhK" DǢܳOQ0)Yg S;d2\`$fpd,u-i&R8:zZ? ~ 1zkSOETrIET#KTǟt[0r׼d\\ <%xN:XR\f3}i? `?gLy8 zރM?i%sk_>9991C"^?3țqW0KYtԝtO8$~a ![1gĔ)My d2yf%j H!aЍNvJY5#֠xhSmZmZ'XO3= KQ7Y3;̰/($;:D1 VMφB U;1'qɌZ Zlh3+ݫhCFn ΅8 1zAZ|mlոADDK+.Xivmon@q@%uY%E,.&pq!ܚ1 zHZDбFjJҸN$ *< qm7wV{?ЭAW^f(?)|!kES: 1:^doӼ*o렪d捱[,:ACmuU\G ^UbXjz}Z^ˇJ xtKqG+-Zq*v(EДNڭM/;4:wUɑC>QhhSH1JVp+T⠩ks?+o|sXUcu6ȟJ9ʺ\n?PΊ/kfuTx"+`lV?Eb57Ͽ Cw/x/7vϿ |ˋ/_7W//K m_}oo&Hͷ߽|_[Ίɹ*! $y3I-/W/~/?|c| &EE)>o hMpYAן뗲'q>w^|+&9/?OKM^_R~/_ƦymA~w_o, yTٯ֪}7篠V<+AA|b=/_}M!/birモo7UpO .g$믡ow&/^~/a俌w݋?|-B}|?5Ozl,F%HEcqeNa"6'pv߬H&^w_X?)o/B/x~ N"e?ZRHQȫf̏"grٿy$W|ji ĭB]FkVKWq B ,^Xf̷y8$ w\rwU09X@'bbԂE8ofT~ᳵp|/oJ&x&[0{rFi2 \'s]H7Y )g(8 2ػ$dUR({FNqln~s3 yRu( 3+ .j_ fBs>)&|sN1g/ FYoEy"tpM6Md$i~- DM{dELlo"]^X K6Cֳ "dW8"M F,cTA.IIȯj3.2N{d WI@ILV6`k5@cbH9N!4#JlQ a $2`:hs 8A @ro@@*DpR")/  ha8g(l.,.N!\ĔzgaXxeọv E`.7PU9&@$ -RX#u"aGH0N>td!IcM)E' !";!cM(Ɍ7fUOTQȜz%G7&a2PL,, 4`Sx_R%[5"b$=@iMPB\`!F)2.hdDiр7_Å Pd+BK)P@jnҔ+AnjE@P&8Ll{E D,$"=X cL2[h$A )N$%aJWɒk$?7{\9/ Hg 9: f_ãـN6f#}4 e*+K&PdN,$VTɌ+\Șp VN .EN #n,0XjbsOD tNW$>/DF',bbCpHHLh# $~ =bPd6cwqhTi0\ ѩySC}J]3(Q(OiSߩ+ B.*&fnY 5I .9XӠpwRH6iR^Ctl"ω6bY jY 6 )9`, j,d 3Ч4DϫB`!XuEɪL(Sƈps6++|k B@ƈ:c|G2_˼68iI B )F0WbT"S &E! dD5`)l6ɔKhD5 M4l%u@&2윬ʄ[d\;@b9(M *P(:weBp Fp UZLDj: +".*DA2Eר>"-V&ˢ:B!z ÑP%ut TW9ĸK؈eYȄD'? @2Y1~:QZ 7IbİH\.ƒ qoMb)'A2Us D7Mp0a\+D_Wh?+B!0 Z2@LTaAfm/0, RZ Ps0&!&jOJAÆbUa, y-8nfG&?Ǥ1\U"WxBmG / iЄd$)˼&.Gj)V#xLe\%M~/^ .u+b0}J΢;{X<46#!.*UOcF8`5P$NS4Dw7X0I-(F/da!' x89#,46JJ8((11 8JVVvp 7Y%q]M$ԯ"9~ u.+b@`w8! *"f I~wMX97QOeT 4e8,RM)%S,t#"kI &哮.#-;꒔\ M<_Tu:߀[dp5&Q> m? .H_BlԌ0)@bDlR4&mT !!]8,s.p);DuE\k/$pu$59ыFfb2⢆A # -F$/P"J[/:)< DAFb;Y׻zם&̀k#M:t&I.)( j_`EƮބd'Ƞ,-VRbb0L56ME_qU 6ccX6 M4Mܬ@rh)"/&K&6a AѱURIB2o~s؈\Ϯ)|dKCԔN5jIobD] cA&AO?^5Ah\|"#l="˄dEMsMLdFof Ff'ue-e~V_$M$@PyA"GvQDwqr0S*%Sl%D&얅m,ʠ$2Q'P GOH cnea]t{}D+BT yAKX] H2HV0!!"/Dd#㺫Xj>cB Kj8^l Tdŷ5 sѷ1Iyi*:Dr`p "j%!D_&֭a&z>d~x6fAM^q:Q !R![7<AB \ZX[Qay*^\& \m e⸠p,2HͺưH1f2.!&j`ow~$XQDb$2Ax4l\ @ō@1.YAN&7F.EiUp 7IE> e uyx$qL2j d!OGP`Wj+A X^RP_'&,ek)l\'Th,1~Wf]P5>YyW<*$\$E YP,XxEL؞*TZвx9``J5'6.C{:QcYE X*by s,N]=oQc{@;~n8ؙp5>}k!Ď@]C{l㵈TLh jwa)\ޖ1j#ǂWwXc|T,\"lgxA R A$dn^ Pt'*pP\rS&&iB y)RM- t߬Wjp]2!"86P*)( fP*iuRn/69.oZo?{VOŷx4N W=U8Y5Q+;@|vrp[0i'QL"&D]@5!DlHioK5)~I:Yi3ềvYns2!u~[,æN1S^;ĶP{Abm$+@sUBpK|I W1zGL+Y\V`m T@&) A} C!B1SWp&i?$^YUx..ih\-i_:@ߙp abEZY^ 6B܍8\:1<E]N"!Ț}BZ?S%:Oz^6A. |7ЮXafO>t !ocXK[ʲ%Qy6pK+;~\M7oqR SƄ\M~K?4"˦y1I9[D kډ&Z.g 7n5jdqE0 T|o}|]&!&$\FT V%TL<&T P ,a>2{`B8(:Hp6eyB|°2/چ46PJZ(UH-NġQsvq>V'9pkz/aD~;*i /c~RwWqM{wSL?u8Vadt ~ p<ơ5?Хc.]SM-Ӯ1uz>UkSV|"fcثo+%՝gs/ M.-Is &4o eX8WsARߚVi<дRYB4_UL~DjАK{VF0p?D G˜IOئӨ׌8!_Աax:YUFq6H(` %mo@,i^`Jɢem!F'n/}t.A O׵;D7%\M{45;A毪* ߼=Xi) $9/|Sf=) @7KK? OrO6Z &h36#ot YtḮHt˥TsAo13obdȦfizo'_&C n IIW4M`NJU2i,g*$'8GpdGw`|4?CL߆W+N$Dd"^x$#TM2+/6:ڂ YMy dZRdfȻ rDׅoRx/-' b3BD[6.D\{{;K\bEL<Pj*"/Ɔ mNawC&anu"h# yzDPv^L#nJ;]WZ{Zqi(  Ɖ!u%d%_)z\Kai*wdw.u!lc]|GMapeE1IQN2*Zh`.HY'yݕ4$qdi tq yg&.[e~"y6EJRr YQi6 9[,|I D#eD> T\._8!QAŊTa7XUnX`sdsG k)e;Ţ`S-]@z#Z2#tGaf9Yf\1WBreeS/Q#zѨw#^e2N11MђL0FKʨ,L$]E ^4e)봱 *[B&.}- u:Ԩ N{*!fGk,Ba@ȍzyolƽٸgF5-UX|sBWnn{h]ޜQYT.ֳY..56Xvm V:yL\.1#OlB؄ؚsE9*s%1Ѕ2N'2O m q!7cs.x0}Ϋ19)_ٙSCcQrg \KR\v ѾM?]'Il)mlvUlAPWԝV@37Ⱥ Ii*Zy3BXl@m+*Ywxqt'nyu%مN"9{Rh,No؅5M",/4Nq\l`lJtC-*$Uސ|ҋ u q_J~N@obZU9kGHk"I7T} gD4!ӊU̳ۺQ(Yv}mpqCr&6 s iwzQBGbhe'BnW F:uNki)Vin} ̥ĘrE( b"a7.` 3u%,Pzw1涙1]]{ ~GC麶Cz1Ý{%-v̝ഋ)}eE (ѥ*#'%} 2`*޹ qdWЉ?EsJ "l{9&/c"L|7*GO~7sY 2KahR)60Kf=+`~&ѽ ?c,R,[zI*2Nq inկ-0B&i2PSlTNv Yd? f5Afn97fV*`d"ޕ^ P 6F'V@O&ضf/EjB?`H7@s!a7skPmo类-^7cH}Zdri N,psFMu*XCg=5ضYymq")u$Կ1!{Bg}tC$篳q? A􀂘/8 T`sCTLFVrڑ6Fg]2)<@ӌ{ 3ϓh\lq#`^9scc-sF @|+˯MI?{P\k^(qa7]H"1p>aBm[RP@ ~K)&U>jO%[ɤ h isq}{j,Mf򱮕DL6"֓9" cox1PjZ R;jn 7pm ׂ@%NTIڕxz!dpm6" m@|b\v^w&*SLmH'] < Fԍy'4eWZN6%ӱpdk*A`L 5p:&ke' \-KI,ex47 zKk+$m;>7%i6րPQ.JD2ׇ42$\_UIFRn|i7;vI U/w.MfTD0=d+Z)Væ v06o+{*Zl7sM9T'PS Cjd)7$m"Fxm֢$Bp6(Ik[H R,\dѺȮ‚M!8OHV8-GdD4Irǰ&F[L?fq0BL oPBpPr<ݔ Ƙb`/ڀ=#ddr I12ʄbo=FoWl1+4h'3|!^pTYc]ĨAª1%l&%#G8)Æc~e+.T0F .jyƴ"UPe OkoQ"xOM+ޠ2m8EopPA&MPPݒL3론=vUƖz?Bs"cX$VzT GMSUe;i z V<65<X*ׁ.v29WCCm8􃇲?^JJ8&:d-a<9g"1(*\!+HHRg t(eԈ2REiA0yZk ʭnpb frebL  ).C~A)+/1.ܨg4^;Hgi9WA`gNԋNܫĆ6NA{}\ak-5B<A ,v4FR-zan|FIVV(>k\ϥ4q{Up%ށ!=y{u|T] J^v2cJ)LxZߠ;,R6z ; 3ZēKVd:!NA{m\dae2datخ0lMȱ| kgva{+i &˷6P`HupM1ɦyHXkn "QLO{d. g3)#Z@q-,OU\Nd#  ԚS&A IJgSS`R*8_!P@Z76ac!xGbIڡ H {]ظCz1le@%i0 QT!@vPDd3Mtt,7E@P` ?MYʱU]{o)?NLRj\lڀOJfѹ&p{Ry/Y#&NƂ.4,5sRT˃D|W&v g !qkACa ,8>Oyj;;#/& ćK+OXL r"sَ:hN}!)l8.{A 3^(]BU"::qV*fxZˏʗpzRdHLkjH]I~ iKUˆ_Zր"+佫I 3Σ/Htd6V(P5_R[YY6Ht/+pqlR!v &Ā8c.J?DpqdķakjbB5P $A"Fbl p9ѳ!,*%D.skIULp d`&p%dHV/щ![x7H\y$"s›U ƛY\9e5'bI$`ܷșS\uߨEK5ƞHd<v s)\j;e\qclZ -lOsI`aa:&TVnI 4)HGAz/w)GDŽ .W:|A&<'^ B4% T@M#W+Z -=-J;tƪda_S%#R^ȌDpזН1m$ĸDsc8d`~KM aġ 6vUҀZ4TRI%-E#iKtgQuZɲI!&أ ,\J`yj0nYmU$S .Zql qqÐL\$OU,QW\̱h€tmh.ET^yRFQểi b^T 01dJv5^!Ñ =LL?6& ZiN݉TWsPV71<;ЄtS  3o>[b4b)Jnmq3Ǎd bⲂYZ,|\Z㒺5 n a6>ĥ*lR%x_'vO9 h STgR wv`bzSwub]8 M~ 33|M<4ذ #k)BB(~NL[%i^}J& u >X5m 7hHI*3_z &Y\3yܛM*A#{CM=Ӫj"àCnk 6-i4y5K%r8DXfiH  ҚENjwv(_f3CTݬs9/@<[Tժ*'l! (I&?C8 ;R'^6 a}_eJVeuM->N[>ZXs+\Ŭq9"1mֲW.sdQ,g.9PDMCx^2,I=| \>\(5;|ɢ3 D{c/98I$PR G\Hk38OXDIRal>Ol9xzYXCPcly,G3ՁB qЧQ_p"Yr*2Ʀ%TU"^œ$㧗d* y^,R_#6A%2-.(A7hV(?\4-E8A~:))MG_(VB炣 /sࠓ,r[iW9pB|bK d.dS] J|pA ޟ ނ2ZWORlŲ#aO!D=H Ysz Ke2d7J&)(g%pgY c]hE%MV+0Z&JkO@ b2:5;e~a&dK}$wP4nN2GGs~りϖuYB+1/8#Y͉`kEu!/Ni>^ć\P‚r'H_*~_,ʨ@izX ^Q]uOe]IYc]Qy\ybE\4}zr \HqmLȫLI p3…MqDFoK$kS5YƻqW yV}&Uk^~՞U2~U]k~rL]~%Gx}([P{ƕOޟXk#vTWɴlkGMk]6[ǓȮttV,u71wp%q!>.i<:@LE_-Y>N*2]WK)=B1_ٯrf[^%d~H\ v^H{ l#A4zWS_mWݟ…({)wTA958]ocaj,ϫF}bX0wYcGUcZN,!BJm.滬*ls`N1|߱Z].8 @lok/X&׬vosirN]5% POwnp8봂&H}/M`*]&x9_#y|ag׈BЙg,5HNӤMYjGЉo(ƀխ&춠t$"]Xޯ.@F尣!ݮ# m{O4S~6֩2l6(4tmɦuzK:tlI PI7u LWeRv$jȅv5ɌբZҁo ZY1M"x޷H}Yi-6Y_;X#j!l=d#%)Ͱh-6X=&P%da'i^r Io"@_+.Wzuu f^ _^P`{gbhj#`Ӌgsly|#ʫ BB>M)ܽB\IKɃj#z/BwR  ,{sRE+f*_u+\v$ 0-"k*{꺧ޝl]cOJv+{q.WձqTީ/TWeݦ`A9o},bp 5/ bS22OQo1<#9NPO@4PC݀:"ETAOP"92{8O7}L V]"8hO >SeDDѭ@H?zZ)GTcsId̢ ,>L/˳ {+l^-lUUu%Q,*