ID

VAR-202202-1638


CVE

CVE-2021-25101


TITLE

Cross-site scripting vulnerability in the Anti-Malware Security and Brute-Force Firewall WordPress plugin

Trust: 0.8

sources: JVNDB: JVNDB-2022-005923

DESCRIPTION

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.94 does not sanitise and escape POST data before outputting it back in attributes of an admin page, leading to reflected cross-site scripting. Because exploitation depends on a specific parameter value that is available to admin users, this can only be exploited by an admin against another admin user. WordPress is a blogging platform developed by the WordPress foundation in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. Attackers can use this vulnerability to carry out a cross-site scripting attack.

Trust: 1.71

sources: NVD: CVE-2021-25101 // JVNDB: JVNDB-2022-005923 // VULHUB: VHN-383822

AFFECTED PRODUCTS

vendor: anti malware security and brute force firewall, model: anti-malware security and brute-force firewall, scope: lt, version: 4.20.94

Trust: 1.0

vendor: anti malware security and brute force firewall, model: anti-malware security and brute-force firewall, scope: eq, version: 4.20.94

Trust: 0.8

vendor: anti malware security and brute force firewall, model: anti-malware security and brute-force firewall, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-005923 // NVD: CVE-2021-25101

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-25101
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-25101
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202202-1692
value: MEDIUM

Trust: 0.6

VULHUB: VHN-383822
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-25101
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-383822
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-25101
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2021-25101
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-383822 // JVNDB: JVNDB-2022-005923 // CNNVD: CNNVD-202202-1692 // NVD: CVE-2021-25101

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

problemtype:Cross-site scripting (CWE-79) [ others ]

Trust: 0.8

sources: VULHUB: VHN-383822 // JVNDB: JVNDB-2022-005923 // NVD: CVE-2021-25101

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-1692

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202202-1692

PATCH

title: Anti-Malware Security and Brute-Force Firewall, url: https://wordpress.org/plugins/gotmls/

Trust: 0.8

title: WordPress Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184190

Trust: 0.6

sources: JVNDB: JVNDB-2022-005923 // CNNVD: CNNVD-202202-1692

EXTERNAL IDS

db: NVD, id: CVE-2021-25101

Trust: 3.3

db: JVNDB, id: JVNDB-2022-005923

Trust: 0.8

db: CNNVD, id: CNNVD-202202-1692

Trust: 0.6

db: CNVD, id: CNVD-2022-51179

Trust: 0.1

db: VULHUB, id: VHN-383822

Trust: 0.1

sources: VULHUB: VHN-383822 // JVNDB: JVNDB-2022-005923 // CNNVD: CNNVD-202202-1692 // NVD: CVE-2021-25101

REFERENCES

url:https://wpscan.com/vulnerability/5fd0380c-0d1d-4380-96f0-a07be5a61eba

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-25101

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2021-25101/

Trust: 0.6

sources: VULHUB: VHN-383822 // JVNDB: JVNDB-2022-005923 // CNNVD: CNNVD-202202-1692 // NVD: CVE-2021-25101

SOURCES

db: VULHUB, id: VHN-383822
db: JVNDB, id: JVNDB-2022-005923
db: CNNVD, id: CNNVD-202202-1692
db: NVD, id: CVE-2021-25101

LAST UPDATE DATE

2024-08-14T13:42:58.356000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-383822, date: 2022-02-28T00:00:00
db: JVNDB, id: JVNDB-2022-005923, date: 2023-06-19T09:14:00
db: CNNVD, id: CNNVD-202202-1692, date: 2022-03-01T00:00:00
db: NVD, id: CVE-2021-25101, date: 2022-02-28T20:43:07.457

SOURCES RELEASE DATE

db: VULHUB, id: VHN-383822, date: 2022-02-21T00:00:00
db: JVNDB, id: JVNDB-2022-005923, date: 2023-06-19T00:00:00
db: CNNVD, id: CNNVD-202202-1692, date: 2022-02-21T00:00:00
db: NVD, id: CVE-2021-25101, date: 2022-02-21T11:15:08.920