CVE-2024-22144
WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.21.96 - Unauthenticated Predictable Nonce Brute-Force Leading to RCE vulnerability
CVSS Score
9.0
EPSS Score
0.0%
EPSS Percentile
0th
Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96.
| CWE | CWE-94 |
| Vendor | eli scheetz |
| Product | anti-malware security and brute-force firewall |
| Published | Apr 25, 2024 |
| Last Updated | Apr 28, 2026 |
Stay Ahead of the Next One
Get instant alerts for eli scheetz anti-malware security and brute-force firewall
Be the first to know when new critical vulnerabilities affecting eli scheetz anti-malware security and brute-force firewall are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Eli Scheetz / Anti-Malware Security and Brute-Force Firewall
n/a โค 4.21.96
References
patchstack.com: https://patchstack.com/database/vulnerability/gotmls/wordpress-anti-malware-security-and-brute-force-firewall-plugin-4-21-96-unauthenticated-predictable-nonce-brute-force-leading-to-rce-vulnerability?_s_id=cve sec.stealthcopter.com: https://sec.stealthcopter.com/cve-2024-22144/ patchstack.com: https://patchstack.com/articles/critical-vulnerability-found-in-gotmls-plugin?_s_id=cve
Credits
stealthcopter (Patchstack Alliance)