CVE-2022-0953

Name of the Vulnerable Software and Affected Versions Anti-Malware Security and Brute-Force Firewall WordPress plugin versions prior to 4.20.96

Description The issue arises from the failure to sanitise and escape the QUERY STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters.

Recommendations For versions prior to 4.20.96, update to version 4.20.96 or later to resolve the issue. As a temporary workaround, consider restricting access to admin pages to minimize the risk of exploitation.