WordPress Plugin Vulnerabilities

Anti-Malware & Brute-Force Security by ELI < 4.15.20 - Multiple Reflected XSS

Description

The Anti-Malware Security and Brute-Force Firewall WordPress plugin was affected by a Multiple Reflected XSS security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
gotmls
Fixed in 4.15.20

References

URL
https://web.archive.org/web/20160314072650/https://software-talk.org/blog/2015/05/reflected-xss-vulnerability-gotmls/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
Tim Coen
Verified
No
WPVDB ID
8eb5ad4c-e556-4872-82ee-9e8a9f25e7d5

Timeline

Publicly Published
2015-05-15 (about 10 years ago)
Added
2015-05-15 (about 10 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2024-04-16
Title
Bulk Block Converter <= 1.0.1 - Reflected Cross-Site Scripting
Published
2025-12-12
Title
Custom Post Type UI < 1.18.2 - Admin+ Stored XSS via 'label' Import Parameter
Published
2023-12-01
Title
PowerPack Pro for Elementor < 2.9.24 - Reflected Cross-Site Scripting
Published
2025-10-31
Title
Employee Spotlight – Team Member Showcase & Meet the Team Plugin < 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-02-02
Title
Staff Directory Plugin: Company Directory <= 4.3 - Unauthenticated Stored Cross-Site Scripting