Researchers found a reflected cross-site scripting (XSS) vulnerability in a popular WordPress anti-malware plugin. An attacker who can get an administrator to open a crafted link can use it to run script in that administrator's browser and compromise the account on the affected website.
The affected plugin is Anti-Malware Security and Brute-Force Firewall, which is installed on over 200,000 websites worldwide.
The plugin acts as a website firewall (blocking incoming threats) and also provides database injection protection and backdoor detection.
The premium version additionally protects against brute-force attacks, which attempt to guess passwords, and blocks DDoS attacks.
The vulnerability in this plugin allowed a reflected XSS attack.
A reflected XSS vulnerability occurs when a WordPress site (here, the plugin's own pages) takes attacker-controlled input, typically a URL parameter, and writes it back into the HTML response without validating or escaping it.
Leaving that input unescaped is akin to leaving the front door open: whatever is put in the URL ends up in the page, and the browser treats it as part of the site's own markup.
Nothing has to be uploaded or stored on the server. The attacker builds a URL that carries a script payload in the vulnerable parameter and sends it to a target, for example in a phishing email; when the page is requested, the server reflects the payload straight back in the response.
If a visitor with administrator-level access opens that URL while logged in, the script runs in their browser inside the authenticated session, with the admin's cookies and permissions, and can perform actions as that administrator. The attack therefore needs the admin to click the link; no one else is affected by the attacker's URL.