How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

All In One WP Security & Firewall < 4.4.4 - CSRF & XSS

Description

Antony Garand of Sucuri discovered that multiple WordPress plugins were vulnerable to Cross-Site Scripting (XSS) within the admin panel, which could be exploited by using s Cross-Site Request Forgery (CSRF) attack.

The vulnerability affecting the All In One WP Security & Firewall plugin required the victim to be running an older web browser to be exploited.

Affects Plugins

all-in-one-wp-security-and-firewall

Fixed in version 4.4.4

References

URL

https://blog.sucuri.net/2020/09/reflected-xss-in-wordpress-plugin-admin-pages.html

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Antony Garand (Sucuri)

Verified

No

WPVDB ID

534cdd29-4d24-4105-80df-4764f7d7c55a

Timeline

Publicly Published

2020-09-09 (about 3 years ago)

Added

2020-09-09 (about 3 years ago)

Last Updated

2020-09-10 (about 3 years ago)

Our Other Services

WPScan WordPress Security Plugin