Anti-Malware Security & Brute-Force Firewall <= 4.15.42 - XSS & CSRF

ID WPVDB-ID:35D8C81C-1D23-4A55-B9C7-E77171AB8B9C
Type wpvulndb
Reporter blinkms
Modified 2019-10-31T23:05:18


The Anti-Malware Security and Brute-Force Firewall WordPress plugin was affected by an XSS & CSRF security vulnerability.


An XSS vulnerability in the plugin has been identified. While I scanned a site with that plugin, I had a file named '">.png and it was skipped, but the result was JavaScript execution, confirming the existence of an XSS vulnerability. An attacker who has access to files can modify a file and stop scanning, hijack cookies, bypass malware checks / stop the scanning process, or redirect to malicious websites as well.

CSRF Vulnerability: All the forms on the Anti-Malware Security and Brute-Force Firewall plugin were vulnerable to CSRF as they lacked a wp_nonce parameter in every form they had.
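The two defences the report points at, shown as an added illustration written for this record rather than code taken from the plugin: file names found during a scan are escaped before being printed into the admin page, and every state-changing form carries a WordPress nonce that the handler verifies. The function, action and option names (example_*, example_scanner_save) are placeholders chosen for this example.

```php
<?php
// Added example (not the plugin's code): a minimal WordPress admin form
// handler showing the two defences the advisory's findings call for.
// Hypothetical names: the action, nonce and option names below are
// placeholders chosen for this illustration.

// 1. Scan results: a file name is untrusted data once it lands on disk,
//    so every occurrence printed into the admin page must be escaped for
//    its HTML context. Echoing a name such as '">.png unescaped is what
//    lets script run inside the scanner's report.
function example_render_scan_row( $filename, $status ) {
    // Wrong: echo '<td>' . $filename . '</td>';
    // Right: esc_html() for text nodes, esc_attr() inside attributes.
    printf(
        '<tr data-file="%s"><td>%s</td><td>%s</td></tr>',
        esc_attr( $filename ),
        esc_html( $filename ),
        esc_html( $status )
    );
}

// 2. Forms: each state-changing form embeds a nonce bound to one named
//    action, and the handler refuses requests that do not present it.
function example_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'example_scanner_save', 'example_scanner_nonce' ); ?>
        <input type="hidden" name="action" value="example_scanner_save">
        <label>
            <input type="checkbox" name="stop_scan" value="1">
            Stop the running scan
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

function example_handle_settings_save() {
    // Capability check first: only administrators may change scanner state.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }
    // Nonce check: a cross-site request cannot supply a valid token for this
    // user and action, so check_admin_referer() stops a forged POST here.
    check_admin_referer( 'example_scanner_save', 'example_scanner_nonce' );

    $stop = isset( $_POST['stop_scan'] ) ? 1 : 0;
    update_option( 'example_scanner_stop_requested', $stop );

    wp_safe_redirect( add_query_arg( 'updated', '1', wp_get_referer() ) );
    exit;
}
add_action( 'admin_post_example_scanner_save', 'example_handle_settings_save' );
```

The nonce check is paired with a capability check because a nonce only proves the request originated from a page WordPress rendered for this user; it does not by itself establish that the user is allowed to perform the action.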