CVE Published: 21/02/2022 |
CVE Updated: 03/08/2024 |
CVE Year: 2021 Source: WPScan |
Vendor: Unknown |
Product: Anti-Malware Security and Brute-Force Firewall Status : PUBLISHED
CVE-2021-25101 Description
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.94 does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to a Reflected Cross-Site scripting. Due to the presence of specific parameter value, available to admin users, this can only be exploited by an admin against another admin user.