cleantalk
Vulnerabilities and Security Researches

Anti-Malware Security and Brute-Force Firewall, CVE-2021-25101

CVE, Research URL

CVE-2021-25101

Home page URL

Security reports for Anti-Malware Security and Brute-Force Firewall

Application

Anti-Malware Security and Brute-Force Firewall

Published on
Feb 21, 2022
Research Description
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.94 does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to a Reflected Cross-Site scripting. Due to the presence of specific parameter value, available to admin users, this can only be exploited by an admin against another admin user.
Affected versions
max 4.20.94.
Status
vulnerable
Previous vulnerability researches
Anti-Malware Security and Brute-Force Firewall (CVE-2022-2599) , Jun 06, 2024
Anti-Malware Security and Brute-Force Firewall (CVE-2021-25101) , Jun 06, 2024
Anti-Malware Security and Brute-Force Firewall (CVE-2022-4327) , Jun 06, 2024
Anti-Malware Security and Brute-Force Firewall (CVE-2022-0953) , Jun 06, 2024
Anti-Malware Security and Brute-Force Firewall (CVE-2024-22144) , Jun 06, 2024
New vulnerability
Advanced Editor Tools , May 01, 2026
Really Simple SSL , May 01, 2026
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows (CVE-2026-39465) , May 01, 2026
PDF Invoices & Packing Slips for WooCommerce (CVE-2026-39472) , May 01, 2026
Anti-Malware Security and Brute-Force Firewall (CVE-2026-39478) , May 01, 2026