Skip to main content

Anti-Malware Security CVE-2026-57691

| EUVDEUVD-2026-43354 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-07-13 Patchstack
5.8
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
5.8 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
vuln.today AI
4.7 MEDIUM

AV:N/AC:H/PR:N/UI:R matches reflected XSS requiring social engineering; S:C captures browser scope crossing; A:N as XSS does not cause availability impact.

3.1 AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jul 13, 2026 - 11:22 vuln.today

DescriptionCVE.org

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eli Anti-Malware Security and Brute-Force Firewall gotmls allows Reflected XSS.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through <= 4.23.89.

AnalysisAI

Reflected cross-site scripting in the Anti-Malware Security and Brute-Force Firewall WordPress plugin (versions through 4.23.89) enables remote unauthenticated attackers to inject and execute arbitrary JavaScript in a victim's browser by tricking them into clicking a specially crafted URL. The CVSS scope change (S:C) indicates the attack crosses security boundaries, allowing script execution in the browser context beyond the plugin itself - enabling session theft, credential harvesting, or unauthorized admin actions. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Identify target WordPress site with gotmls plugin
Delivery
Craft malicious URL with XSS payload in vulnerable parameter
Exploit
Deliver link to authenticated victim via phishing
Install
Victim clicks link, browser sends request to site
C2
Plugin reflects unsanitized input into HTTP response
Execute
Injected script executes in victim browser session
Impact
Exfiltrate session cookie or perform admin actions

Vulnerability AssessmentAI

Exploitation The victim must be a user with an active, authenticated session on the target WordPress site (most damaging if an administrator) and must click or be redirected to a crafted URL targeting the vulnerable plugin endpoint - exploitation cannot occur passively against users who do not interact with the malicious link. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD-assigned CVSS 3.1 score of 5.8 (Medium) accurately reflects the constrained real-world risk profile: AV:N confirms the attack is network-delivered, but AC:H indicates high attack complexity - reflecting XSS typically requires crafting a payload that bypasses any existing partial filtering and then successfully convincing a victim to click a malicious link. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker identifies a WordPress site running the vulnerable gotmls plugin version and constructs a URL containing a reflected XSS payload embedded in a vulnerable parameter. The attacker delivers the link to a logged-in WordPress administrator via phishing email or social media, and when the administrator clicks the link, the plugin reflects the unescaped payload into the HTML response, causing the administrator's browser to execute the injected script - potentially exfiltrating the admin's session cookie or silently creating a rogue administrator account. …
Remediation Site administrators should update the Anti-Malware Security and Brute-Force Firewall plugin to any version released after 4.23.89 via the WordPress admin dashboard (Plugins → Updates). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-57691 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy