Vulnerabilities and security researches forrsfirewall rsfirewall

Jun 06, 2024

CVE, Research URL: CVE-2021-4226
Home page URL: Security reports for RSFirewall!
Application: RSFirewall!
Date: Dec 16, 2022
Research Description: RSFirewall tries to identify the original IP address by looking at different HTTP headers. A bypass is possible due to the way it is implemented.
Affected versions: Min -, max -.
Status: vulnerable

Jul 13, 2025

CVE, Research URL: CVE-2025-7518
Home page URL: Security reports for RSFirewall!
Application: RSFirewall!
Date: Jul 12, 2025
Research Description: The RSFirewall! plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.1.42 via the get_local_filename() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Affected versions: Min -, max -.
Status: vulnerable