3 matches found
CVE-2021-25101
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.94 does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to a Reflected Cross-Site scripting. Due to the presence of specific parameter value, available to admin...
CVE-2021-25101 Anti-Malware Security and Brute-Force Firewall < 4.20.94 - Admin+ Reflected Cross-Site Scripting
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.94 does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to a Reflected Cross-Site scripting. Due to the presence of specific parameter value, available to admin...
CVE-2021-25101
CVE-2021-25101 concerns the WordPress plugin “Anti-Malware Security and Brute-Force Firewall” (≤ 4.20.93) where POST data is not properly sanitised/escaped before being output in admin page attributes, enabling a reflected XSS. Exploitation is constrained to interactions involving admin users (ad...