Improper Control of Generation of Code ('Code Injection') vulnerability
CVE-2024-22144

9CRITICAL

Key Information:

Vendor: WordPress
Status: Anti-malware Security And Brute-force Firewall
Vendor: CVE Published:; 25 April 2024

What is CVE-2024-22144?

A code injection vulnerability exists in the Eli Scheetz Anti-Malware Security and Brute-Force Firewall plugin, affecting versions up to 4.21.96. This issue permits unauthorized code execution due to improper controls over code generation, making it possible for an attacker to exploit the software. Users of the affected versions should prioritize application updates and review security measures to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Anti-Malware Security and Brute-Force Firewall <= 4.21.96

References

https://patchstack.com/database/vulnerability/gotmls/word...

vdb-entry

https://sec.stealthcopter.com/cve-2024-22144/

third-party-advisorytechnical-description

https://patchstack.com/articles/critical-vulnerability-fo...

third-party-advisorytechnical-description

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2024
Vulnerability Reserved
Jan 5, 2024

Credit

stealthcopter (Patchstack Alliance)

WordPress

What is CVE-2024-22144?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit