Vulnerabilities and security researches forminiorange-malware-protection miniorange-malware-protection
Direction: ascendingJun 07, 2024
Malware Scanner # CVE-2024-25902
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 28, 2024
- Research Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2.
- Affected versions
-
max 4.7.3.
- Status
-
vulnerable
Malware Scanner # CVE-2022-1995
- CVE, Research URL
- Home page URL
- Application
- Date
- Jun 27, 2022
- Research Description
- The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)
- Affected versions
-
max 4.5.2.
- Status
-
vulnerable
Malware Scanner # CVE-2023-52176
- CVE, Research URL
- Home page URL
- Application
- Date
- Jun 04, 2024
- Research Description
- Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Malware Scanner: from n/a through 4.7.1.
- Affected versions
-
max 4.7.2.
- Status
-
vulnerable
Malware Scanner # CVE-2024-2172
- CVE, Research URL
- Home page URL
- Application
- Date
- Mar 13, 2024
- Research Description
- The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init() function in all versions up to, and including, 4.7.2 (for Malware Scanner) and 2.1.1 (for Web Application Firewall). This makes it possible for unauthenticated attackers to escalate their privileges to that of an administrator.
- Affected versions
-
max 4.7.3.
- Status
-
vulnerable