Improper Control of Generation of Code ('Code Injection') vulnerability
CVE-2024-22144

9 CRITICAL

Key Information:

Vendor: WordPress
CVE Published: 25 April 2024

Summary

A code injection vulnerability exists in the Eli Scheetz Anti-Malware Security and Brute-Force Firewall plugin, affecting versions up to and including 4.21.96. Improper control over code generation permits unauthorized code execution. Users of the affected versions should prioritize updating the plugin and review their security measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

Anti-Malware Security and Brute-Force Firewall <= 4.21.96

CVSS V3.1

Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

stealthcopter (Patchstack Alliance)