Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2022-4417
HistoryJan 02, 2023 - 9:49 p.m.

CVE-2022-4417 WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API

2023-01-0221:49:26
WPScan
www.cve.org
3
cve-2022-4417
wp cerber
user enumeration
rest api
subdirectory

EPSS

0.001

Percentile

40.5%

JSON

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WP Cerber Security, Anti-spam & Malware Scan",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "9.3.3"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Related

cve 1
wpvulndb 1
openvas 1
nvd 1
wpexploit 1
prion 1
cve
cve
CVE-2022-4417
2023-01-02 22:15:18
wpvulndb
wpvulndb
WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API
2022-12-12 00:00:00
openvas
openvas
WordPress WP Cerber Security, Anti-spam & Malware Scan Plugin < 9.3.3 Authorization Bypass Vulnerability
2023-10-30 00:00:00
nvd
nvd
CVE-2022-4417
2023-01-02 22:15:18
wpexploit
wpexploit
WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API
2022-12-12 00:00:00
prion
prion
Authentication flaw
2023-01-02 22:15:00

EPSS

0.001

Percentile

40.5%

JSON
Related for CVELIST:CVE-2022-4417
cve1wpvulndb1openvas1nvd1wpexploit1prion1