CVE-2024-22144 - Vulnerability Details - OpenCVE

Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00716.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://patchstack.com/articles/critical-vulnerability-found-in-gotmls-plugin?_s_id=cve
https://patchstack.com/database/vulnerability/gotmls/wordpress-anti-malware-security-and-brute-force-firewall-plugin-4-21-96-unauthenticated-predictable-nonce-brute-force-leading-to-rce-vulnerability?_s_id=cve
https://sec.stealthcopter.com/cve-2024-22144/

History

Tue, 28 Apr 2026 18:30:00 +0000

Type	Values Removed	Values Added
Description	Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96.	Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-04-25T08:25:53.719Z

Updated: 2026-04-28T16:09:08.862Z

Reserved: 2024-01-05T11:18:25.467Z

Link: CVE-2024-22144

Vulnrichment

Updated: 2024-08-01T22:35:34.902Z

NVD

Status : Deferred

Published: 2024-04-25T09:15:07.360

Modified: 2026-04-28T19:23:11.177

Link: CVE-2024-22144

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-22144", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-01-05T11:18:25.467Z", "datePublished": "2024-04-25T08:25:53.719Z", "dateUpdated": "2026-04-28T16:09:08.862Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "gotmls", "product": "Anti-Malware Security and Brute-Force Firewall", "vendor": "Eli Scheetz", "versions": [{"changes": [{"at": "4.23.56", "status": "unaffected"}], "lessThanOrEqual": "4.21.96", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "stealthcopter (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.<p>This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96.</p>"}], "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96."}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:09:08.862Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/gotmls/wordpress-anti-malware-security-and-brute-force-firewall-plugin-4-21-96-unauthenticated-predictable-nonce-brute-force-leading-to-rce-vulnerability?_s_id=cve"}, {"tags": ["third-party-advisory", "technical-description"], "url": "https://sec.stealthcopter.com/cve-2024-22144/"}, {"tags": ["third-party-advisory", "technical-description"], "url": "https://patchstack.com/articles/critical-vulnerability-found-in-gotmls-plugin?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 4.23.56 or a higher version."}], "value": "Update to 4.23.56 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.21.96 - Unauthenticated Predictable Nonce Brute-Force Leading to RCE vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22144", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-25T19:43:04.424278Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:52:26.130Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.902Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/gotmls/wordpress-anti-malware-security-and-brute-force-firewall-plugin-4-21-96-unauthenticated-predictable-nonce-brute-force-leading-to-rce-vulnerability?_s_id=cve"}, {"tags": ["third-party-advisory", "technical-description", "x_transferred"], "url": "https://sec.stealthcopter.com/cve-2024-22144/"}, {"tags": ["third-party-advisory", "technical-description", "x_transferred"], "url": "https://patchstack.com/articles/critical-vulnerability-found-in-gotmls-plugin?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/gotmls/wordpress-anti-malware-security-and-brute-force-firewall-plugin-4-21-96-unauthenticated-predictable-nonce-brute-force-leading-to-rce-vulnerability?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://sec.stealthcopter.com/cve-2024-22144/", "tags": ["third-party-advisory", "technical-description", "x_transferred"]}, {"url": "https://patchstack.com/articles/critical-vulnerability-found-in-gotmls-plugin?_s_id=cve", "tags": ["third-party-advisory", "technical-description", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.902Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22144", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-25T19:43:04.424278Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-25T19:42:29.779Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.21.96 - Unauthenticated Predictable Nonce Brute-Force Leading to RCE vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "stealthcopter (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Eli Scheetz", "product": "Anti-Malware Security and Brute-Force Firewall", "versions": [{"status": "affected", "changes": [{"at": "4.23.56", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "4.21.96"}], "packageName": "gotmls", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to 4.23.56 or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update to 4.23.56 or a higher version.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/gotmls/wordpress-anti-malware-security-and-brute-force-firewall-plugin-4-21-96-unauthenticated-predictable-nonce-brute-force-leading-to-rce-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}, {"url": "https://sec.stealthcopter.com/cve-2024-22144/", "tags": ["third-party-advisory", "technical-description"]}, {"url": "https://patchstack.com/articles/critical-vulnerability-found-in-gotmls-plugin?_s_id=cve", "tags": ["third-party-advisory", "technical-description"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96.\n\n", "supportingMedia": [{"type": "text/html", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.<p>This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-04-25T08:27:23.371Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22144", "state": "PUBLISHED", "dateUpdated": "2024-08-01T22:35:34.902Z", "dateReserved": "2024-01-05T11:18:25.467Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-04-25T08:25:53.719Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96."}, {"lang": "es", "value": "La vulnerabilidad de control inadecuado de la generaci\u00f3n de c\u00f3digo (\"inyecci\u00f3n de c\u00f3digo\") en Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls permite la inyecci\u00f3n de c\u00f3digo. Este problema afecta a Anti-Malware Security y Brute-Force Firewall: desde n/a hasta 4.21. 96."}], "id": "CVE-2024-22144", "lastModified": "2026-04-28T19:23:11.177", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2024-04-25T09:15:07.360", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/articles/critical-vulnerability-found-in-gotmls-plugin?_s_id=cve"}, {"source": "audit@patchstack.com", "url": "https://patchstack.com/database/vulnerability/gotmls/wordpress-anti-malware-security-and-brute-force-firewall-plugin-4-21-96-unauthenticated-predictable-nonce-brute-force-leading-to-rce-vulnerability?_s_id=cve"}, {"source": "audit@patchstack.com", "url": "https://sec.stealthcopter.com/cve-2024-22144/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://patchstack.com/articles/critical-vulnerability-found-in-gotmls-plugin?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://patchstack.com/database/vulnerability/gotmls/wordpress-anti-malware-security-and-brute-force-firewall-plugin-4-21-96-unauthenticated-predictable-nonce-brute-force-leading-to-rce-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sec.stealthcopter.com/cve-2024-22144/"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "audit@patchstack.com", "type": "Secondary"}]}