Vulnerabilities > CVE-2021-25101 - Unspecified vulnerability in Anti-Malware Security and Brute-Force Firewall Project Anti-Malware Security and Brute-Force Firewall

047910
CVSS 4.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE

Summary

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.94 does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to a Reflected Cross-Site scripting. Due to the presence of specific parameter value, available to admin users, this can only be exploited by an admin against another admin user.

Vulnerable Configurations

Part Description Count
Application
Anti-Malware_Security_And_Brute-Force_Firewall_Project
29