Anti-Malware Security & Brute-Force Firewall <= 4.15.42 - XSS & CSRF

Proof of Concept
An XSS vulnerability has been identified in the Anti-Malware Security & Brute-Force Firewall plugin.

While I was scanning a site with that plugin, I had a file named '"><img src=xx onerror=prompt(0)>.png and it was skipped, but the result was JavaScript execution, confirming the existence of an XSS vulnerability.

An attacker who has access to files can modify a file and stop scanning, hijack cookies, bypass malware checks / stop the scanning process, or redirect to malicious websites as well.

CSRF Vulnerability:

All the forms in the Anti-Malware Security and Brute-Force Firewall plugin were vulnerable to CSRF because they lacked a wp_nonce parameter.
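The two defects above, an unescaped file name rendered in the scan results and admin forms without a nonce, both have standard WordPress fixes. The following PHP is an added illustration written for this page, not code from the plugin; the function names, the nonce action string and the option values are hypothetical. The escaping demonstration at the bottom runs under plain PHP thanks to the shims; the form and handler functions rely on WordPress core (wp_nonce_field, check_admin_referer, current_user_can, wp_die) and only run inside WordPress.

```php
<?php
// Added illustrative example (not the plugin's code). It shows the fixes
// implied by this advisory: escape untrusted file names before they are
// rendered in an admin page, and protect a state-changing admin form with a
// WordPress nonce. All function and action names here are hypothetical.

// Minimal shims so the escaping logic can be exercised outside WordPress.
// Inside WordPress these core functions already exist and the shims are skipped.
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}

// Vulnerable pattern: the scanner echoes file names straight into the results
// page, so a file whose name contains markup becomes live HTML in the admin's
// browser. This is the behaviour the advisory describes.
function render_skipped_files_unsafe( array $files ) {
    $html = '<ul>';
    foreach ( $files as $file ) {
        $html .= '<li>Skipped: ' . $file . '</li>';
    }
    return $html . '</ul>';
}

// Hardened pattern: each file name is escaped for the HTML text context it
// lands in, so the browser shows the name literally instead of parsing it.
function render_skipped_files_safe( array $files ) {
    $html = '<ul>';
    foreach ( $files as $file ) {
        $html .= '<li>Skipped: ' . esc_html( $file ) . '</li>';
    }
    return $html . '</ul>';
}

// Hardened admin form: wp_nonce_field() emits a hidden input carrying a nonce
// bound to this action and the current user, so a request forged from another
// site cannot carry a valid value. (WordPress-only; not run by the demo below.)
function render_scan_form_safe( $form_action_url ) {
    $html  = '<form method="post" action="' . esc_attr( $form_action_url ) . '">';
    $html .= wp_nonce_field( 'example_plugin_start_scan', '_example_nonce', true, false );
    $html .= '<input type="submit" value="Start scan"></form>';
    return $html;
}

// Hardened handler: refuse the request unless the user has the capability AND
// the nonce matches. check_admin_referer() calls wp_die() on a missing or
// invalid nonce, so execution never reaches the scan on a forged request.
function handle_scan_request_safe() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.' );
    }
    check_admin_referer( 'example_plugin_start_scan', '_example_nonce' );
    // Safe to start the scan here.
}

// Stand-alone demonstration of the escaping difference on constructed input,
// using the file name quoted in the advisory.
$constructed = array( 'normal.png', '\'"><img src=xx onerror=prompt(0)>.png' );
echo render_skipped_files_unsafe( $constructed ), PHP_EOL;
echo render_skipped_files_safe( $constructed ), PHP_EOL;
```

Running the bottom section under plain PHP prints the list twice: the first copy contains a raw `<img>` tag, the second shows `&lt;img ...&gt;` as inert text. Note that capability checks and nonces are complementary: the nonce stops a forged cross-site request, while `current_user_can()` stops a logged-in low-privilege user from reaching the scan controls at all.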

Affects Plugin

Fixed in version 4.15.43

Type XSS
OWASP Top 10 A3: Cross-Site Scripting (XSS)


Submitter blinkms
Submitter Twitter blinkms
Views 1987
Verified No


Publicly Published 2016-03-23 (almost 3 years ago)
Added 2016-03-23 (almost 3 years ago)
Last Updated 2016-04-23 (almost 3 years ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.