Unknown Anti-Malware Security And Brute-Force Firewall vulnerabilities
3 known vulnerabilities affecting unknown/anti-malware_security_and_brute-force_firewall.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2022-2599MEDIUMCVSS 6.1PoC≥ 4.21.83, < 4.21.832022-08-29
CVE-2022-2599 [MEDIUM] CWE-79 CVE-2022-2599: The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting
cvelistv5nvd
CVE-2022-0953MEDIUMCVSS 6.1≥ 4.20.96, < 4.20.962022-04-25
CVE-2022-0953 [MEDIUM] CWE-79 CVE-2022-0953: The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters
cvelistv5nvd
CVE-2021-25101MEDIUMCVSS 4.8≥ 4.20.94, < 4.20.942022-02-21
CVE-2021-25101 [MEDIUM] CWE-79 CVE-2021-25101: The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.94 does not sanitise
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.94 does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to a Reflected Cross-Site scripting. Due to the presence of specific parameter value, available to admin users, this can only be exploited by an admin against a
cvelistv5nvd