Vulnerability Description
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the file parameter. Attackers can send requests to the duplicator_download action via admin-ajax.php with path traversal sequences to access sensitive system files outside the intended directory.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://gotmls.net/
- https://gotmls.net/downloads/
- https://www.exploit-db.com/exploits/50107
- https://www.vulncheck.com/advisories/wordpress-anti-malware-security-bruteforce-
FAQ
What is CVE-2021-47977?
CVE-2021-47977 is a vulnerability with a CVSS score of 7.5 (HIGH). WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the fi...
How severe is CVE-2021-47977?
CVE-2021-47977 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-47977?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.