Vulnerability Found in WordPress Anti-Malware Firewall
The vulnerability in Reflected XSS was fixed in the Anti-Malware Security plugin and Brute-Force Firewall WordPress plugin.
An attack on a popular WordPress anti-malware plugin caused a reflected cross-site scripting vulnerability. This vulnerability can be used to compromise the administrator of affected websites.
Affected WordPress plugin
Anti-Malware Security & Brute-Force firewall are the vulnerable plugins. More than 200,000 websites use them.
Anti-Malware Security & Brute-Force Firewall plugin protects websites as a firewall to block incoming threats and as a security scanner to detect security threats such as backdoor hacks or database injections.
Premium versions protect websites from brute force attacks, which attempt to guess usernames or passwords and protect against DDoS attacks.
Reflected Cross-Site Scripting Vulnerability
The vulnerability in this plugin allowed an attacker to launch a Reflected XSS (reflected cross-site scripting) attack.
This is a vulnerability known as reflected cross-site Scripting. It refers to a WordPress website that does not allow for input restrictions.
It is like allowing almost anything to be uploaded to a website without sanitizing it.
Hackers exploit this vulnerability by uploading scripts and having websites reflect them.
An administrator visits a compromised URL with permissions. The script activates with the admin-level permissions stored on the victim’s browser.
WPScan identified this vulnerability in its report on Anti-Malware Security and Brute-Force Firewall.
“The plugin doesn’t sanitize or escape the QUERY_STRING before outputting it into an admin page. This can lead to Reflected Cross-Site Scripting in browsers that don’t encode characters.”
This vulnerability has yet to be assigned a severity score by the United States Government National Vulnerability Database.
This plugin has a vulnerability called a Reflected XSS vulnerability.
There are many other XSS vulnerabilities, but these are the main ones.
- Storage of Cross-Site Scripting Vulnerability
- Blind Cross-site Scripting
- Reflected XSS
The malicious script is set aside on the website as a stored XSS vulnerability. These are considered more dangerous because getting the hand to work with an administrator-level user is more accessible. These are not the types of malware that were found in the plugin.
A reflected XSS is when a user with administrator credentials must be convinced to click a link from an email. This will then reflect the malicious payload from a website.
The non-profit Open Web Application Security Project explains a Reflected XSS such as this.
“Reflected Attacks” are when the injected script is reflected in the web server. This could be in an error message, search result, or any other response containing some or all the input sent to it as part of the request.
Reflected attacks are sent to victims through another route, such as email or via a website.
Version 4.20.96 Recommend
Before updating any plugins or themes, it is a good idea to make a backup of your WordPress files.
The vulnerability has been riveted in Version 4.20.96 (Anti-Malware Security and Brute-Force Firewall WordPress plugin).
It is recommended that users of the plug-in reform to version 4.20.96.