CVE-2022-2599
Published: 2022-08-29
Priority: P432 | medium | 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 1.02% (59.1th percentile)
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| anti-malware_security_and_brute-force_firewall_project | anti-malware_security_and_brute-force_firewall | < 4.21.83 | 4.21.83 |
No detection rules found.
Nuclei
WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2022-2599 [MEDIUM] WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting
WordPress Anti-Malware Security and Brute-Force Firewall HTTP/1.1
Host: {{Hostname}}
```yaml
matchers-condition: and
matchers:
  - type: word
    part: body
    words:
      - ""
      - "GOTMLS_mt"
    condition: and

  - type: word
    part: header
    words:
      - text/html

  - type: status
    status:
      - 200
# digest: 4a0a004730450221009c562b58f374ab075f41118f513cbb8a6b413c5c4d1de07877a900db2abc27ce02206a1c6ec577e51bf0c2ac87d5111466e5dcd48664b64eea3d974e580d94121329:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.