Anti-Malware Security and Brute-Force Firewall < 4.20.96 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to Reflected Cross-Site Scripting in browsers which do not encode characters.
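
An added illustration of the bug class described above, not the plugin's own code: the output context (a form `action` attribute), the function names and the sample query strings are assumptions constructed for this example. It shows why only a client that sends the query string unencoded breaks out of the markup, and that escaping at output time closes both cases.

```php
<?php
// Added illustration; not the plugin's code. Function names are hypothetical.

// Vulnerable pattern: the raw query string is placed into an HTML attribute.
// PHP does not URL-decode $_SERVER['QUERY_STRING'], so the bytes the client
// sent (percent-encoded or not) are reflected exactly as received.
function render_form_unsafe(string $queryString): string
{
    return '<form method="post" action="admin.php?' . $queryString . '">';
}

// Hardened pattern: escape for the HTML attribute context at output time.
// Inside WordPress, esc_attr() or esc_url() is the idiomatic call;
// htmlspecialchars() is used here so the file runs without WordPress loaded.
function render_form_safe(string $queryString): string
{
    $escaped = htmlspecialchars($queryString, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="admin.php?' . $escaped . '">';
}

// An attribute breakout shows up as a literal "> before the intended closing ">.
function breaks_out(string $html): bool
{
    return substr_count($html, '">') > 1;
}

// Constructed sample inputs standing in for $_SERVER['QUERY_STRING'].
$samples = [
    'benign'                 => 'page=settings&tab=scan',
    'raw (unencoded client)' => 'page=settings&x="><b data-probe="1">',
    'percent-encoded client' => 'page=settings&x=%22%3E%3Cb%20data-probe=%221%22%3E',
];

foreach ($samples as $label => $qs) {
    printf(
        "%-24s unsafe breakout: %-3s  safe breakout: %s\n",
        $label,
        breaks_out(render_form_unsafe($qs)) ? 'yes' : 'no',
        breaks_out(render_form_safe($qs)) ? 'yes' : 'no'
    );
}
```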

This type of vulnerability can allow an attacker to compromise an administrator-level user of the affected website.

This vulnerability has not yet been assigned a severity level by the United States Government National Vulnerability Database.

Version 4.20.96 of the Anti-Malware Security and Brute-Force Firewall WordPress plugin contains a fix for the vulnerability.

Such issues appear when security practices are not followed as the Codex recommends.

The WordPress core is already very secure. Users do not need to install this type of plugin at all.

The best security in this world is using no plugins, always keeping up to date, and having regular backups of the site. That's it.