CVE-2022-2599
Published: 29 August 2022
Summary
CVE-2022-2599 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in the Anti-Malware Security And Brute-Force Firewall plugin (vendor: Anti-Malware Security And Brute-Force Firewall Project). Its CVSS base score is 6.1 (Medium).
Operationally, it ranks in the top 3.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.
Deeper analysis
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before version 4.21.83 is affected by a reflected cross-site scripting vulnerability (CWE-79). The root cause is insufficient sanitization and escaping of certain parameters that are reflected back in the administrative dashboard, allowing script execution in the context of an authenticated administrator's session. The issue carries a CVSS 3.1 score of 6.1 with a network attack vector, low complexity, no required privileges, and required user interaction.
An attacker can exploit the flaw by crafting a malicious link containing unsanitized parameters and tricking an administrator into clicking it, resulting in arbitrary script execution within the WordPress admin interface. Successful exploitation can lead to limited confidentiality and integrity impacts such as session token theft or unauthorized actions performed on behalf of the administrator, though availability is unaffected.
The referenced WPScan advisory identifies the affected plugin versions and indicates that the vulnerability is resolved in release 4.21.83 and later. Administrators are therefore advised to update the plugin to a fixed version to eliminate the reflected XSS vectors.
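The two output patterns behind this class of bug, shown as an added illustration that is not the plugin's own code: the parameter name `scan_target`, the notice markup and the function names are assumed, since the advisory does not name the affected parameters.

```php
<?php
// Added example, not code from the plugin. The parameter 'scan_target' and
// the functions below are hypothetical; the page does not name the affected parameters.

// Vulnerable pattern: a request parameter is concatenated straight into the
// admin dashboard HTML, so markup carried in the URL is rendered in the
// administrator's session (reflected XSS).
function render_notice_vulnerable(array $get): string {
    $value = isset($get['scan_target']) ? $get['scan_target'] : '';
    return '<div class="notice"><p>Scanning: ' . $value . '</p></div>';
}

// Hardened pattern: treat the value as plain text on input, then escape at the
// output boundary with the WordPress helpers, choosing the escaper by context
// (esc_html for element content, esc_attr for attribute values).
function render_notice_fixed(array $get): string {
    $value = isset($get['scan_target'])
        ? sanitize_text_field(wp_unslash($get['scan_target']))
        : '';
    return '<div class="notice" data-target="' . esc_attr($value) . '"><p>Scanning: '
        . esc_html($value) . '</p></div>';
}

// Minimal stand-ins so this file runs outside WordPress. The real helpers in
// wp-includes/formatting.php are stricter (they also normalise character encoding).
if (!function_exists('esc_html')) {
    function esc_html(string $s): string { return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8'); }
    function esc_attr(string $s): string { return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8'); }
    function wp_unslash(string $s): string { return stripslashes($s); }
    function sanitize_text_field(string $s): string { return trim(strip_tags($s)); }
}

// Constructed sample: a value containing markup and a quote, as it would arrive
// via the query string of a crafted link.
$sample = ['scan_target' => '<b>wp-content</b> "quoted"'];
echo render_notice_vulnerable($sample), PHP_EOL;  // tags reach the browser as live markup
echo render_notice_fixed($sample), PHP_EOL;       // tags are stripped, quotes become &quot;
```

The fixed form is also what the "does not sanitise and escape" wording of the advisory refers to: sanitisation on the way in and context-appropriate escaping on the way out are two separate steps, and the bug class appears when either is skipped.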
EPSS for this CVE reached a peak of 0.4733 after disclosure before settling at the current value of 0.3091, indicating that exploitation interest increased measurably following public release.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-34846
Vulnerability details
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation.
Input validation rejects script-related content in web inputs that could produce XSS.
Output validation against expected content rejects or sanitises script content in generated web pages, reducing XSS exploitability.