A popular WordPress anti-malware plugin was discovered to have a reflected cross-site scripting vulnerability. This is a type of vulnerability that can allow an attacker to compromise an administrator level user of the affected website.
Affected WordPress Plugin
The plugin discovered to contain the vulnerability is Anti-Malware Security and Brute-Force Firewall, which is used by over 200,000 websites.
Anti-Malware Security and Brute-Force Firewall is a plugin that defends a website as a firewall (to block incoming threats) and as a security scanner, to check for security threats in the form of backdoor hacks and database injections.
A premium version defends websites against brute force attacks that try to guess password and usernames and protects against DDoS attacks.
Reflected Cross-Site Scripting Vulnerability
This plugin was found to contain a vulnerability that allowed an attacker to launch a Reflected Cross-Site Scripting (reflected XSS) attack.
A reflected cross-site scripting vulnerability in this context is one in which a WordPress website does not properly limit what can be input into the site.
That failure to restrict (sanitize) what is being uploaded is essentially like leaving the front door of the website unlocked and allowing virtually anything to be uploaded.
A hacker takes advantage of this vulnerability by uploading a script and having the website reflect it back.
When someone with administrator level permissions visits a compromised URL created by the attacker, the script is activated with the admin-level permissions stored in the victim’s browser.
The WPScan report on the Anti-Malware Security and Brute-Force Firewall described the vulnerability:
“The plugin does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters”
The United States Government National Vulnerability Database has not yet assigned this vulnerability a severity level score.
The vulnerability in this plugin is called a Reflected XSS vulnerability.
There are other kinds of XSS vulnerabilities but these are three main types:
- Stored Cross-Site Scripting Vulnerability (Stored…