CVE-2021-25101

🗓️ 21 Feb 2022 10:45:56Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 100 Views🌐 WEB

The Anti-Malware Security and Brute-Force Firewall WordPress plugin pre-4.20.94 is vulnerable to Reflected Cross-Site Scripting

Reporter	Title	Published	Views	Family All 11
CNNVD	WordPress 跨站脚本漏洞	21 Feb 202200:00	–	cnnvd
CNVD	WordPress Anti-Malware Security and Brute-Force Firewall跨站脚本漏洞	23 Feb 202200:00	–	cnvd
Cvelist	CVE-2021-25101 Anti-Malware Security and Brute-Force Firewall < 4.20.94 - Admin+ Reflected Cross-Site Scripting	21 Feb 202210:45	–	cvelist
EUVD	EUVD-2021-12013	7 Oct 202500:30	–	euvd
NVD	CVE-2021-25101	21 Feb 202211:15	–	nvd
OpenVAS	WordPress Anti-Malware Security and Brute-Force Firewall Plugin < 4.20.94 XSS Vulnerability	1 Mar 202200:00	–	openvas
Patchstack	WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.20.93 - Reflected Cross-Site Scripting (XSS) vulnerability	24 Jan 202200:00	–	patchstack
Prion	Cross site scripting	21 Feb 202211:15	–	prion
RedhatCVE	CVE-2021-25101	22 May 202519:24	–	redhatcve
wpexploit	Anti-Malware Security and Brute-Force Firewall < 4.20.94 - Admin+ Reflected Cross-Site Scripting	24 Jan 202200:00	–	wpexploit

NVD

Vulners

Node

anti-malware_security_and_brute-force_firewall_project anti-malware_security_and_brute-force_firewallRange<4.20.94wordpress

[
  {
    "product": "Anti-Malware Security and Brute-Force Firewall",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "4.20.94",
        "status": "affected",
        "version": "4.20.94",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/5fd0380c-0d1d-4380-96f0-a07be5a61eba

Parameter	Position	Path	Description	CWE
x	request body	wp-admin/admin.php?page=GOTMLS-settings	Reflected XSS: unsanitised POST data reflected into admin page attributes.	CWE-79

21 Nov 2024 05:54Current

4.8Medium risk

Vulners AI Score4.8

CVSS 23.5

CVSS 3.14.8

EPSS0.00206

CWE-79