Anti Malware Security And Brute Force Firewall
Authenticated PHP object injection in the WordPress 'Anti-Malware Security and Brute-Force Firewall' (GOTMLS) plugin through version 4.23.87 allows contributor-level users to inject crafted serialized PHP objects that are deserialized by the plugin. Successful exploitation can pivot through existing PHP gadget chains in WordPress or other installed plugins to achieve high-impact compromise of the site. No public exploit was identified at the time of analysis, and the issue is not on the CISA KEV list.