Lucene search
WpvulndbWPVDB-ID:B2E65549-B0D2-47A9-8D38-0B798F1122CCHistoryFeb 10, 2021 - 12:00 a.m.
All In One WP Security & Firewall < 4.4.6 - Authenticated Cross-Site Scripting (XSS)
2021-02-1000:00:00
wpscan.com
12
wordpress
security
xss
administrators
banned user agents
settings
plugin vulnerability
EPSS
0.001
Percentile
33.5%
The plugin did not escape the banned user agents in its settings before output, which may allow administrators to enter malicious UA with XSS payloads under certain conditions. Note: We were not able to reproduce the issue.
Related
cvelist
cvelist
CVE-2020-29171
2021-02-10 14:23:40
nvd
nvd
CVE-2020-29171
2021-02-10 15:15:13
cve
cve
CVE-2020-29171
2021-02-10 15:15:13
patchstack
patchstack
osv
osv
CVE-2020-29171
2021-02-10 15:15:13
prion
prion
Cross site scripting
2021-02-10 15:15:00
openvas
openvas
WordPress All In One WP Security & Firewall Plugin < 4.4.6 XSS Vulnerability
2021-02-11 00:00:00