The plugin did not escape the banned user agents in its settings before outputting them, which may allow administrators to enter a malicious user agent (UA) string containing an XSS payload under certain conditions. Note: We were not able to reproduce the issue.
CPE | Name | Operator | Version |
---|---|---|---|
all-in-one-wp-security-and-firewall | lt | 4.4.6 |