First published: Wed Feb 10 2021(Updated: )
Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Tipsandtricks-hq Wp Security \& Firewall | <4.4.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-29171 is a cross-site scripting (XSS) vulnerability in the Tips and Tricks HQ All In One WP Security & Firewall plugin before version 4.4.6 for WordPress.
CVE-2020-29171 allows attackers to inject malicious scripts into the plugin, potentially compromising the security of the WordPress website.
CVE-2020-29171 has a severity level of medium with a CVSS score of 6.1.
To fix CVE-2020-29171, update the Tips and Tricks HQ All In One WP Security & Firewall plugin to version 4.4.6 or higher.
You can find more information about CVE-2020-29171 on the GitHub repository, WordPress plugin page, and the Tips and Tricks HQ website.