There was a vulnerability that was found in a WordPress Anti-Malware Security and Brute-Force Firewall plugin for use on WordPress. It defends a website like it's a firewall and it also works as a security scanner to scan for threats. The premium version of this defends against brute force attacks where a hacker uses a bot to guess your password. There are many XSS vulnerabilities but the main types are stored cross-site scripting, blind cross-site scripting, and reflected.
- The plugin contained the Anti-Malware Security and Brute-Force Firewall which has been used by over 200,000 websites.
- This plugin defends a website as a firewall and checks for security threats in the form of backdoor hacks.
- The premium version of this plugin will defend websites against brute force attacks that try to guess passwords and usernames.
“A reflected cross-site scripting vulnerability in this context is one in which a WordPress website does not properly limit what can be input into the site.”