Update the WordPress All In One WP Security & Firewall plugin to the latest available version (at least 5.1.1).
Yeraisci discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress All In One WP Security & Firewall Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. For example a password change which will then allow the malicious actor to login into the admin account. This vulnerability has been fixed in version 5.1.1.
Authenticated Arbitrary Redirect / Reflected XSS vulnerability
Authenticated CrossSite Scripting (XSS) vulnerability
Reflected CrossSite Scripting (XSS) vulnerability
Cross Site Scripting