WordPress News

Vulnerability Found in WordPress Anti-Malware Firewall

Researchers found a reflected cross-site scripting vulnerability in a popular WordPress anti-malware plugin. An attacker can exploit this vulnerability to compromise the account of an administrator on the affected website.

It is Anti-Malware Security and Brute-Force Firewall that was discovered to contain the vulnerability, affecting over 200K websites worlwide.

This plugin provides website protection as a firewall (to block incoming threats), as well as database injection protection and backdoor hack detection.

Websites with a premium version are protected against brute force attacks, which attempt to guess passwords as well as blocking DDoS attacks.

There was a vulnerability in this plugin that allowed for reflected XSS attack.

As far as cross-site scripting is concerned, a reflected cross-site scripting vulnerability occurs when a WordPress website does not properly limit what can be entered on the site.

If the upload is not restricted, it is akin to leaving the front door open, and letting anything pass through.

In order to exploit this vulnerability, a hacker uploads a script on the website and forces it to reflect it back.

Visitors with administrator-level access will find that when they go to the compromised URL created by the attacker, they will find that the script will be activated with the admin permissions stored in their browser.

Supriyo Das

A Blogger, Web developer, SEO specialist, and professional writer. I own more than ten blogs; all are generating thousands of dollars every month. I work closely with web development. With my experience, I want to help online startups through engaging and actionable content.

Share
Published by
Supriyo Das

Recent Posts

6 Best Tax preparer website templates 2022

Are you looking for the best tax preparer website templates to create an amazing website…

3 days ago

5 Best Task Management WordPress Theme and Plugins in 2022

Are you looking for Task Management WordPress Theme and plugins for your business? Do you…

3 days ago

7 Best Public Speaker Website Templates in 2022

Are you looking for the best Public Speaker Website Templates for 2022 to present yourself…

3 days ago

5 Best Software developer portfolio WordPress theme in 2022

Are you looking for the best software developer portfolio WordPress theme for your CV resume?…

3 days ago

7 Best Rental property website template (November 2022)

Are you looking for the best rental property website template to build a rental startup?…

3 days ago

5 Best Data Science Portfolio Website Template in 2022

Are you looking for the best data science portfolio website template in 2022? A data…

3 days ago