
39 matches found

Nuclei
added 12 hours ago · 23 views

WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting

WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard. id: CVE-2022-2599 info: name: WordPress Anti-Malware Security an...

CVSS 6.1 · AI score 6.1 · EPSS 0.30915
Exploits 2 · References 4

Patchstack
added 2026/04/20 2:55 p.m. · 6 views

WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.87 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin Anti-Malware Security and Brute-Force Firewall versions <= 4.23.87...

AI score 5.8
Exploits 0 · Affected Software 1

Cvelist
added 2025/10/29 4:27 a.m. · 27 views

CVE-2025-11705 Anti-Malware Security and Brute-Force Firewall <= 4.23.81 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS AJAX actions. This makes it possible for authenticat...

CVSS 6.5 · EPSS 0.00039
Exploits 0 · References 3

CVE
added 2025/10/29 4:27 a.m. · 19 views

CVE-2025-11705

CVE-2025-11705 affects the WordPress plugin Anti-Malware Security and Brute-Force Firewall (GOTMLS AJAX actions) with Arbitrary File Read via missing authorization, enabling authenticated Subscriber+ attackers to read arbitrary server files. A fix is available in version 4.23.83 (update to 4.23.8...

CVSS 6.5 · AI score 4.7 · EPSS 0.00039
In wild · Exploits 0 · References 3

CNNVD
added 2025/10/29 12:0 a.m. · 3 views

WordPress plugin Anti-Malware Security and Brute-Force Firewall security vulnerability

WordPress and the WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.5 · AI score 8.5 · EPSS 0.00039
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 7 views

EUVD-2024-19740

Malicious code in bioql PyPI...

CVSS 9 · AI score 6.5 · EPSS 0.00716
Exploits 0 · References 3

RedhatCVE
added 2025/05/23 12:9 a.m. · 6 views

CVE-2022-2599

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting...

CVSS 6.1 · AI score 6.5 · EPSS 0.30915
Exploits 2 · References 1

RedhatCVE
added 2025/05/22 10:4 p.m. · 9 views

CVE-2022-0953

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...

CVSS 6.1 · AI score 6 · EPSS 0.00288
Exploits 4 · References 1

RedhatCVE
added 2025/02/04 11:47 p.m. · 7 views

CVE-2024-22144

Improper Control of Generation of Code 'Code Injection' vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection. This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96...

CVSS 9 · AI score 5.2 · EPSS 0.00716
Exploits 0 · References 1

WPVulnDB
added 2024/05/08 12:0 a.m. · 22 views

Anti-Malware Security and Brute-Force Firewall < 4.23.56 - Unauthenticated Remote Code Execution

Description: The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.21.96 due to weak nonce generation combined with missing authorization. This makes it possible for unauthenticated attackers to brute...

CVSS 9 · AI score 8.1 · EPSS 0.00716
Exploits 0 · References 1 · Affected Software 1

CVE
added 2024/04/25 8:25 a.m. · 63 views

CVE-2024-22144

The CVE-2024-22144 entry relates to the WordPress plugin “Anti-Malware Security and Brute-Force Firewall” ≤ 4.21.96, where an improper control of code generation enables unauthenticated code execution (RCE) via a predictable nonce/brute-force approach. Affected component: the plugin’s nonce/autho...

CVSS 9 · AI score 5.2 · EPSS 0.00716
Exploits 0 · References 3

CNNVD
added 2024/04/25 12:0 a.m. · 4 views

WordPress plugin Anti-Malware Security and Brute-Force Firewall code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in...

CVSS 9 · AI score 7.3 · EPSS 0.00716
Exploits 0 · References 4

Patchstack
added 2024/03/12 12:0 a.m. · 13 views

WordPress Anti-Malware Security and Brute-Force Firewall Plugin <= 4.21.96 is vulnerable to Remote Code Execution (RCE)

Software: Anti-Malware Security and Brute-Force Firewall; Type: Plugin; Vulnerable versions: <= 4.21.96; Fixed in: 4.23.56; OWASP Top 10: A3: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-22144; Patch priority: High; CVSS severity: High (9); PSID: 7fc7064849ae; Credits...

CVSS 9 · AI score 7.2 · EPSS 0.00716
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/03/12 12:0 a.m. · 4 views

PT-2024-19231 · Unknown · Anti-Malware Security/Brute-Force Firewall

Name of the Vulnerable Software and Affected Versions: Anti-Malware Security and Brute-Force Firewall versions through 4.21.96 Description: The issue is related to an Improper Control of Generation of Code 'Code Injection' vulnerability, which allows Code Injection. This problem affects over...

CVSS 9 · AI score 7.4 · EPSS 0.00716
Exploits 0 · References 9

OpenVAS
added 2023/01/17 12:0 a.m. · 7 views

WordPress Anti-Malware Security and Brute-Force Firewall Plugin < 4.21.86 PHP Object Injection Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

AI score 6.7
Exploits 1 · References 2

CNNVD
added 2023/01/16 12:0 a.m. · 1 views

WordPress plugin Anti-Malware Security and Brute-Force Firewall code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...

AI score 5.7
Exploits 1 · References 2

WPVulnDB
added 2022/12/22 12:0 a.m. · 23 views

Anti-Malware Security and Brute-Force Firewall < 4.21.86 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC 1. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

AI score 1.8
Exploits 1 · Affected Software 1

OpenVAS
added 2022/09/17 12:0 a.m. · 18 views

WordPress Anti-Malware Security and Brute-Force Firewall Plugin < 4.20.96 XSS Vulnerability

The WordPress plugin Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

CVSS 6.1 · AI score 6.4 · EPSS 0.00288
Exploits 4 · References 1

OpenVAS
added 2022/09/17 12:0 a.m. · 13 views

WordPress Anti-Malware Security and Brute-Force Firewall Plugin < 4.21.83 XSS Vulnerability

The WordPress plugin Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

CVSS 6.1 · AI score 6.4 · EPSS 0.30915
Exploits 2 · References 1

ATTACKERKB
added 2022/08/29 6:15 p.m. · 3 views

CVE-2022-2599

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting...

CVSS 6.1 · AI score 6.4 · EPSS 0.30915
Exploits 2 · References 3