CVE-2021-25101

Name of the Vulnerable Software and Affected Versions Anti-Malware Security and Brute-Force Firewall WordPress plugin versions prior to 4.20.94

Description The issue concerns a Reflected Cross-Site scripting problem. It arises because the plugin does not properly sanitise and escape POST data before displaying it in attributes on an admin page. This can be exploited by an admin user against another admin user, given the presence of a specific parameter value.

Recommendations For versions prior to 4.20.94, update to version 4.20.94 or later to resolve the issue. As a temporary workaround, consider restricting access to admin pages to minimize the risk of exploitation.