The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.94 does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to a Reflected Cross-Site scripting. Due to the presence of specific parameter value, available to admin us...
4.8CVSS
4.8AI Score
0.001EPSS
The Shield Security WordPress plugin before 13.0.6 does not sanitise and escape admin notes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
4.8CVSS
4.8AI Score
0.001EPSS
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters
6.1CVSS
5.9AI Score
0.001EPSS
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting
6.1CVSS
5.9AI Score
0.001EPSS