Researchers Uncover Security Issue in WordPress Anti-Malware Firewall
A reflected XSS flaw in a popular WordPress security plugin may let attackers target admin users under specific conditions, posing serious security risks.
A reflected cross-site scripting (XSS) vulnerability was recently discovered in a popular WordPress security plugin. If specific requirements are satisfied, this kind of vulnerability may enable attackers to target administrator-level users.
Plugin Impacted
Over 200,000 WordPress websites have the Anti-Malware Security and Brute-Force Firewall plugin installed. The plugin serves two main purposes. First, it acts as a firewall, blocking harmful traffic before it reaches the website. Second, it works as a security scanner that identifies database injection attempts and backdoor attacks.
It also provides additional security measures, such as defenses against distributed denial-of-service (DDoS) attacks and brute-force login attempts.
Understanding the Reflected XSS Issue
The plugin's vulnerability is classified as a Reflected Cross-Site Scripting (Reflected XSS) problem. Simply put, this kind of problem arises when a website does not adequately validate or sanitize user-supplied data. Without sufficient filtering, malicious code can be injected and then "reflected" back to visitors in the website's response.
In this instance, the flaw let an attacker craft a URL containing malicious script code. If a WordPress administrator clicks that modified link, the script may run in the administrator's browser session with elevated privileges. According to the security research tool WPScan, the plugin does not adequately sanitize and escape the QUERY_STRING before displaying it inside an admin page. This mistake made reflected XSS attacks possible under specific browser conditions.
At the time of reporting, the United States National Vulnerability Database had not yet assigned a severity score to this issue.
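To make the failure mode concrete, the following is an illustrative WordPress admin-page fragment showing the unsafe pattern beside a hardened version. It is an added example written for this article, not the plugin's own code; the function names and the `page` and `scan` parameters are hypothetical.

```php
<?php
// Hypothetical admin-page fragment (not the plugin's code). Both functions
// render a "run scan again" link that is meant to preserve the current query.

// VULNERABLE: the raw query string is written straight into an HTML attribute.
// PHP does not URL-decode $_SERVER['QUERY_STRING']; it is exactly what the
// browser sent, so any quote or angle bracket the browser leaves unencoded
// breaks out of the href attribute and is reflected into the admin page.
function gr_render_rescan_link_vulnerable() {
    $qs = isset( $_SERVER['QUERY_STRING'] ) ? $_SERVER['QUERY_STRING'] : '';
    echo '<a href="admin.php?' . $qs . '">Run scan again</a>';
}

// HARDENED: rebuild the URL only from the parameters this page actually uses,
// sanitize each value, and escape for the attribute context with esc_url().
// Unexpected parameters are dropped instead of being copied back into the page.
function gr_render_rescan_link_hardened() {
    $allowed = array( 'page', 'scan' ); // parameters this page expects (hypothetical)
    $args    = array();
    foreach ( $allowed as $key ) {
        if ( isset( $_GET[ $key ] ) ) {
            $args[ $key ] = sanitize_text_field( wp_unslash( $_GET[ $key ] ) );
        }
    }
    $url = add_query_arg( $args, admin_url( 'admin.php' ) );
    echo '<a href="' . esc_url( $url ) . '">Run scan again</a>';
}

// If the raw query string must be shown at all (e.g. a diagnostics panel),
// escape it for the context it lands in: esc_html() for a text node,
// esc_attr() if it ever goes inside an attribute.
function gr_render_query_string_debug() {
    $qs = isset( $_SERVER['QUERY_STRING'] ) ? wp_unslash( $_SERVER['QUERY_STRING'] ) : '';
    echo '<code>' . esc_html( $qs ) . '</code>';
}
```

The core lesson is that `add_query_arg()` builds a URL but does not escape it, so output must still pass through `esc_url()` (or `esc_html()`/`esc_attr()` for other contexts) at the point it is echoed.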
Types of XSS Vulnerabilities
Cross-site scripting vulnerabilities generally fall into three primary categories:
- Stored XSS
- Blind XSS
- Reflected XSS
Stored and blind cross-site scripting attacks use malicious scripts that are saved directly on the target site. Because the payload remains on the server and is easier to trigger against administrators, these types are often considered more harmful.
The vulnerability discovered in this plugin, however, was a reflected XSS. Unlike stored attacks, reflected XSS requires the attacker to trick an administrator into clicking a malicious link, which is frequently sent by email or through another outside channel.
Reflected cross-site scripting (XSS) is defined by the non-profit Open Web Application Security Project (OWASP) as an attack in which injected code is reflected off the web server and incorporated in a response, like an error message or search result page. The victim must interact with a crafted link for the attack to succeed.
Security Update Released
Website owners are generally advised to make a complete backup before making any changes to plugins or themes. Version 4.20.96 of the Anti-Malware Security and Brute-Force Firewall plugin fixes the vulnerability.
Maintaining WordPress security requires updating plugins, especially those that are meant to protect against online attacks.
Final Thoughts
Even security-focused plugins can contain vulnerabilities, underscoring the importance of proactive maintenance and timely updates. Although this flaw required specific conditions to be exploited, patching it promptly reduces the risk. Regular updates and security monitoring remain essential for WordPress site owners to safeguard administrator accounts and preserve the integrity of their websites.