ThreatPress

WordPress Vulnerability Database

Back

WordPress All In One WP Security & Firewall plugin <= 4.4.5 - Authenticated Cross-Site Scripting (XSS) vulnerability

Product
All In One WP Security & Firewall
Description
Authenticated Cross-Site Scripting (XSS) vulnerability found by WonTae Jang in WordPress All In One WP Security & Firewall plugin (versions <= 4.4.5).
Solution
Update the WordPress All In One WP Security & Firewall plugin to the latest available version (at least 4.4.6)
Classification
Type Cross Site Scripting (XSS)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
CVE
Plugin changelog
Vulnerability fix details
CVE
Name CVE-2020-29171
Versions
Affected In <= 4.4.5
Fixed In 4.4.6
Disclosure date
2021-02-11
Credits
WonTae Jang