CVE-2021-25101

CVE-2021-25101: Anti-Malware Security and Brute-Force Firewall < 4.20.94 - Admin+ Reflected Cross-Site Scripting

Vendor Unknown
Product Anti-Malware Security and Brute-Force Firewall
Weakness CWE-79 · XSS
Published February 21, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.94 does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to a Reflected Cross-Site scripting. Due to the presence of specific parameter value, available to admin users, this can only be exploited by an admin against another admin user.

Key dates

02Disclosure timeline

February 21, 2022 CVE published
August 3, 2024 Record updated