cleantalk
Vulnerabilities and Security Researches

Anti-Malware Security and Brute-Force Firewall, CVE-2021-25101

CVE, Research URL

CVE-2021-25101

Home page URL

Security reports for Anti-Malware Security and Brute-Force Firewall

Application

Anti-Malware Security and Brute-Force Firewall

Published on
Feb 21, 2022
Research Description
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.94 does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to a Reflected Cross-Site scripting. Due to the presence of specific parameter value, available to admin users, this can only be exploited by an admin against another admin user.
Affected versions
Min -, max 4.20.94.
Status
vulnerable
Previous vulnerability researches
Anti-Malware Security and Brute-Force Firewall (CVE-2022-2599) , Jun 06, 2024
Anti-Malware Security and Brute-Force Firewall (CVE-2021-25101) , Jun 06, 2024
Anti-Malware Security and Brute-Force Firewall (CVE-2022-4327) , Jun 06, 2024
Anti-Malware Security and Brute-Force Firewall (CVE-2022-0953) , Jun 06, 2024
Anti-Malware Security and Brute-Force Firewall (CVE-2024-22144) , Jun 06, 2024
New vulnerability
Contact Form 7 reCAPTCHA (CVE-2025-23972) , Jul 08, 2025
Easy Stripe (CVE-2025-49302) , Jul 08, 2025
Gallery Widget (CVE-2025-28969) , Jul 08, 2025
Contact Us Page – Contact People (CVE-2025-28967) , Jul 07, 2025
WP fancybox (CVE-2025-26591) , Jul 07, 2025