The Anti-Malware Security and Brute-Force Firewall WordPress plugin prior to 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
download anti-malware security and brute-force firewall project download anti-malware security and brute-force firewall |