Back
WordPress All In One WP Security & Firewall plugin <= 4.4.5 - Authenticated Cross-Site Scripting (XSS) vulnerability
- Product
- All In One WP Security & Firewall
- Description
- Authenticated Cross-Site Scripting (XSS) vulnerability found by WonTae Jang in WordPress All In One WP Security & Firewall plugin (versions <= 4.4.5).
- Solution
- Update the WordPress All In One WP Security & Firewall plugin to the latest available version (at least 4.4.6)
- Classification
-
Type Cross Site Scripting (XSS)
OWASP Top 10 A3: Cross Site Scripting (XSS)
- References
-
CVE
Plugin changelog
Vulnerability fix details
- CVE
- Name CVE-2020-29171
- Versions
-
Affected In
<= 4.4.5
Fixed In 4.4.6
- Disclosure date
- 2021-02-11
- Credits
- WonTae Jang