CVE-2020-29171
MEDIUMTips and Tricks HQ All In One WP Security & Firewall <4.4.6 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress.
References (3)
Core 3
Core References
Product, Third Party Advisory x_refsource_misc
https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
Patch, Third Party Advisory x_refsource_confirm
https://github.com/Arsenal21/all-in-one-wordpress-security/commit/4130906bc049b195467b4fc6980d6d304fbe28d5
Release Notes, Third Party Advisory x_refsource_confirm
https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#developers
Scores
CVSS v3
6.1
EPSS
0.0149
EPSS Percentile
70.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
tipsandtricks-hq/wp_security_\&_firewall
< 4.4.6
Published
Feb 10, 2021
Tracked Since
Feb 18, 2026