← back
CVE-2021-47977

WordPress Anti-Malware Security Bruteforce Firewall <= 4.20.72 Directory Traversal

CVSS 8.7 HIGHEPSS 0.7%CWE-22
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the duplicator_download action via admin-ajax.php with path traversal sequences to access sensitive system files outside the intended directory.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
Gotmls · Malware Security and Bruteforce Firewall
public PoCs found1
cve_referencewww.exploit-db.com/exploits/50107unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gotmls.net/https://gotmls.net/downloads/https://www.exploit-db.com/exploits/50107https://www.vulncheck.com/advisories/wordpress-anti-malware-security-bruteforce-firewall-directory-traversal