CVE-2024-22144 – WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.21.96 - Unauthenticated Predictable Nonce Brute-Force Leading to RCE vulnerability

https://notcve.org/view.php?id=CVE-2024-22144

Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96. La vulnerabilidad de control inadecuado de la generación de código ("inyección de código") en Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls permite la inyección de código. Este problema afecta a Anti-Malware Security y Brute-Force Firewall: desde n/a hasta 4.21. 96. The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.21.96 due to weak nonce generation combined with missing authorization. This makes it possible for unauthenticated attackers to brute force a valid nonce that can be used to add malware rule and execute code on the server. • https://patchstack.com/articles/critical-vulnerability-found-in-gotmls-plugin?_s_id=cve https://patchstack.com/database/vulnerability/gotmls/wordpress-anti-malware-security-and-brute-force-firewall-plugin-4-21-96-unauthenticated-predictable-nonce-brute-force-leading-to-rce-vulnerability?_s_id=cve https://sec.stealthcopter.com/cve-2024-22144 • CWE-94: Improper Control of Generation of Code ('Code Injection') •