Vulnerabilities and security researches forrsfirewall rsfirewall

Jun 06, 2024

CVE, Research URL: CVE-2021-4226
Home page URL: Security reports for RSFirewall!
Application: RSFirewall!
Date: Dec 16, 2022
Research Description: RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possible due to the way it is implemented.
Affected versions: max 1.1.25.
Status: vulnerable

Jul 13, 2025

CVE, Research URL: CVE-2025-7518
Home page URL: Security reports for RSFirewall!
Application: RSFirewall!
Date: Jul 12, 2025
Research Description: The RSFirewall! plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.1.42 via the get_local_filename() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Affected versions: max 1.1.43.
Status: vulnerable

Mar 29, 2026

CVE, Research URL: CVE-2026-25341
Home page URL: Security reports for RSFirewall!
Application: RSFirewall!
Date: Mar 25, 2026
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RSJoomla! RSFirewall! rsfirewall allows Stored XSS.This issue affects RSFirewall!: from n/a through <= 1.1.45.
Affected versions: max 1.1.45.
Status: vulnerable