Lucene search
K

44 matches found

NVD
NVD
added yesterday3 views

CVE-2026-57691

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eli Anti-Malware Security and Brute-Force Firewall gotmls allows Reflected XSS.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through = 4.23.89...

5.8CVSS0.00201EPSS
Exploits0References1
Patchstack
Patchstack
added 5 days ago7 views

WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.89 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by dutafi in WordPress Plugin Anti-Malware Security and Brute-Force Firewall versions = 4.23.89...

5.8CVSS6.1AI score0.00201EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/15 9:30 p.m.11 views

EUVD-2026-36938

Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall = 4.23.87 versions...

8.8CVSS5.3AI score0.00428EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.9 views

CVE-2026-39478

Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall = 4.23.87 versions...

8.8CVSS0.00428EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.30 views

CVE-2026-39478 WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.87 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall = 4.23.87 versions...

8.8CVSS0.00428EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49380

Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall = 4.23.87 versions...

8.8CVSS5.3AI score0.00428EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:28 p.m.7 views

CVE-2021-47977

WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the duplicatordownload action via admin-ajax.php wit...

8.7CVSS5.9AI score0.00652EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/16 3:28 p.m.8 views

CVE-2021-47977 WordPress Anti-Malware Security Bruteforce Firewall <= 4.20.72 Directory Traversal

WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the duplicatordownload action via admin-ajax.php wit...

8.7CVSS5.9AI score0.00652EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/16 3:28 p.m.11 views

EUVD-2021-34837

WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the duplicatordownload action via admin-ajax.php wit...

8.7CVSS5.9AI score0.00652EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.13 views

PT-2026-41463

Name of the Vulnerable Software and Affected Versions Anti-Malware Security and Bruteforce Firewall version 4.20.59 Description A directory traversal issue allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the 'duplicator...

8.7CVSS5.9AI score0.00652EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/04/20 2:55 p.m.14 views

WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.87 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin Anti-Malware Security and Brute-Force Firewall versions = 4.23.87...

5.8AI score0.00428EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/10/29 4:27 a.m.38 views

CVE-2025-11705 Anti-Malware Security and Brute-Force Firewall <= 4.23.81 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS AJAX actions. This makes it possible for authenticat...

6.5CVSS0.00572EPSS
Exploits0References3
CVE
CVE
added 2025/10/29 4:27 a.m.32 views

CVE-2025-11705

CVE-2025-11705 affects the WordPress plugin Anti-Malware Security and Brute-Force Firewall (GOTMLS AJAX actions) with Arbitrary File Read via missing authorization, enabling authenticated Subscriber+ attackers to read arbitrary server files. A fix is available in version 4.23.83 (update to 4.23.8...

6.5CVSS4.7AI score0.00572EPSS
In wildExploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2021-12013

Malware in sbrugna...

4.8CVSS4.9AI score0.00598EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-19740

Malicious code in bioql PyPI...

9CVSS6.5AI score0.00869EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 12:9 a.m.9 views

CVE-2022-2599

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting...

6.1CVSS6.5AI score0.0102EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:4 p.m.13 views

CVE-2022-0953

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERYSTRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...

6.1CVSS6AI score0.03013EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:47 p.m.8 views

CVE-2024-22144

Improper Control of Generation of Code 'Code Injection' vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96...

9CVSS5.2AI score0.00869EPSS
Exploits0References1
NVD
NVD
added 2024/04/25 9:15 a.m.31 views

CVE-2024-22144

Improper Control of Generation of Code 'Code Injection' vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96...

9CVSS9.3AI score0.00869EPSS
Exploits0References3
CVE
CVE
added 2024/04/25 8:25 a.m.78 views

CVE-2024-22144

The CVE-2024-22144 entry relates to the WordPress plugin “Anti-Malware Security and Brute-Force Firewall” ≤ 4.21.96, where an improper control of code generation enables unauthenticated code execution (RCE) via a predictable nonce/brute-force approach. Affected component: the plugin’s nonce/autho...

9CVSS5.2AI score0.00869EPSS
Exploits0References3
Rows per page
Query Builder