Cyber Resilience

CVE-2022-2599

Severity: Medium · Public PoC

Published: 29 August 2022

Modified: 21 November 2024
KEV Added: (none)
Patch: (none)
CVSS Score v3.1: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
EPSS Score: 0.3091 (96.9th percentile)
Risk Priority: 31 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-2599 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in the Anti-Malware Security And Brute-Force Firewall WordPress plugin (vendor: Anti-Malware Security And Brute-Force Firewall Project). Its CVSS base score is 6.1 (Medium).

Operationally, it ranks in the top 3.1% of CVEs by exploit likelihood (EPSS), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before version 4.21.83 is affected by a reflected cross-site scripting vulnerability (CWE-79). The root cause is insufficient sanitization and escaping of certain parameters that are reflected back in the administrative dashboard, allowing script execution in the context of an authenticated administrator's session. The issue carries a CVSS 3.1 score of 6.1 with a network attack vector, low complexity, no required privileges, and required user interaction.

An attacker can exploit the flaw by crafting a malicious link containing unsanitized parameters and tricking an administrator into clicking it, resulting in arbitrary script execution within the WordPress admin interface. Successful exploitation can lead to limited confidentiality and integrity impacts such as session token theft or unauthorized actions performed on behalf of the administrator, though availability is unaffected.

The referenced WPScan advisory identifies the affected plugin versions and indicates that the vulnerability is resolved in release 4.21.83 and later. Administrators are therefore advised to update the plugin to a fixed version to eliminate the reflected XSS vectors.
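To make the root cause concrete, the following is an added, hypothetical admin-page handler written in the style of a WordPress plugin; it is not the plugin's actual code and the function, parameter and tab names are invented. The vulnerable form reflects a GET parameter into the dashboard raw, while the hardened form applies a capability check, an allow-list and WordPress's context-specific escaping, which is the fix pattern the advisory describes.

```php
<?php
// Hypothetical example of the CWE-79 pattern in CVE-2022-2599. Not the real plugin code.

// Vulnerable: the "tab" query parameter is reflected into the admin page without
// sanitisation or escaping, in both an HTML text context and an attribute context.
function gr_example_render_status_vulnerable() {
    $tab = isset( $_GET['tab'] ) ? $_GET['tab'] : 'overview';
    echo '<h2>Scan results for: ' . $tab . '</h2>';                 // raw reflection
    echo '<a href="?page=gr_example&tab=' . $tab . '">reload</a>';  // raw in attribute
}

// Hardened: restrict who can reach the page, sanitise on input, constrain to known
// values, and escape on output for the exact context (text vs. URL).
function gr_example_render_status_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }

    // wp_unslash() undoes WordPress's magic-quotes style slashing; sanitize_key()
    // reduces the value to [a-z0-9_-], which removes any markup outright.
    $tab = isset( $_GET['tab'] ) ? sanitize_key( wp_unslash( $_GET['tab'] ) ) : 'overview';

    // Allow-list: only tabs the plugin actually knows about are ever rendered.
    $allowed = array( 'overview', 'quarantine', 'firewall' );
    if ( ! in_array( $tab, $allowed, true ) ) {
        $tab = 'overview';
    }

    // esc_html() for text nodes, esc_url() for href attributes; add_query_arg()
    // builds the link instead of string-concatenating user input into it.
    echo '<h2>Scan results for: ' . esc_html( $tab ) . '</h2>';
    $url = add_query_arg(
        array( 'page' => 'gr_example', 'tab' => $tab ),
        admin_url( 'admin.php' )
    );
    echo '<a href="' . esc_url( $url ) . '">reload</a>';
}
```

Even with the allow-list, keeping the output escaping is deliberate: escaping at the sink is what protects the page if a later change widens the accepted values.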

EPSS for this CVE reached a peak of 0.4733 after disclosure before settling at the current value of 0.3091, indicating that exploitation interest increased measurably following public release.

EU & UK References

Vulnerability details

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting

CWE(s): CWE-79

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: anti-malware security and brute-force firewall project
Product: anti-malware security and brute-force firewall
Versions: ≤ 4.21.83

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation. (addresses CWE-79)
- Input validation checks web inputs and rejects script-related content that could produce XSS. (addresses CWE-79)
- Output validation against expected content can reject or sanitise script content in generated web pages, reducing XSS exploitability. (addresses CWE-79)

References