CVE-2020-29171

2021-02-1015:15:13

Google

osv.dev

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.7%

JSON

Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress.

CPENameOperatorVersion
all-in-one-wordpress-securityeq3.9.5
all-in-one-wordpress-securityeq3.9.6

CPE	Name	Operator	Version
	all-in-one-wordpress-security	eq	3.9.5
	all-in-one-wordpress-security	eq	3.9.6

References

github.com/Arsenal21/all-in-one-wordpress-security/commit/4130906bc049b195467b4fc6980d6d304fbe28d5

wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers

www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin