Test ID:	1.3.6.1.4.1.25623.1.0.147732
Category:	Web application abuses
Title:	WordPress Anti-Malware Security and Brute-Force Firewall Plugin < 4.20.94 XSS Vulnerability
Summary:	The WordPress plugin 'Anti-Malware Security and Brute-Force; Firewall' is prone to a cross-site scripting (XSS) vulnerability.
Description:	Summary: The WordPress plugin 'Anti-Malware Security and Brute-Force Firewall' is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The plugin does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to a reflected XSS. Due to the presence of specific parameter value, available to admin users, this can only be exploited by an admin against another admin user. Affected Software/OS: WordPress Anti-Malware Security and Brute-Force Firewall plugin prior to version 4.20.94. Solution: Update to version 4.20.94 or later. CVSS Score: 3.5 CVSS Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-25101 https://wpscan.com/vulnerability/5fd0380c-0d1d-4380-96f0-a07be5a61eba
Copyright	Copyright (C) 2022 Greenbone Networks GmbH

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.