Lucene search
K

147 matches found

Nuclei
Nuclei
added yesterday26 views

WP Cerber < 8.9.3 - Broken Access Control

WP Cerber 8.9.3 contains a bypass of /wp-json access control caused by improper handling of trailing '?' character, letting unauthorized users access protected REST API endpoints, exploit requires sending a request with a trailing '?'. id: CVE-2021-37598 info: name: WP Cerber 8.9.3 - Broken Acces...

5.3CVSS6AI score0.0235EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday10 views

WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Cross-Site Scripting

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability. id: CVE-2022-0429 info: name: W...

6.1CVSS6.4AI score0.01378EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/01/09 11:10 a.m.6 views

CVE-2016-10990

The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header...

6.1CVSS6AI score0.01418EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.5 views

CVE-2022-0429

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability...

6.1CVSS6AI score0.01378EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-24155

Malware in sbrugna...

9.8CVSS9.2AI score0.02124EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2021-24156

Malware in sbrugna...

5.3CVSS5.6AI score0.0235EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-52024

Malicious code in bioql PyPI...

7.2CVSS7AI score0.00478EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 1:3 a.m.6 views

CVE-2022-4100

The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the...

5.3CVSS6.7AI score0.00347EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:2 a.m.6 views

CVE-2022-2939

The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the /cerber-load.php file. In...

5.3CVSS6.7AI score0.00662EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:33 a.m.10 views

CVE-2022-4417

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...

5.3CVSS6.7AI score0.00671EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:40 p.m.7 views

CVE-2021-37598

WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character...

5.3CVSS7AI score0.0235EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:40 p.m.15 views

CVE-2021-37597

WP Cerber before 8.9.3 allows MFA bypass via wordpressloggedinhash manipulation...

9.8CVSS7AI score0.02124EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/09/02 3:47 a.m.4 views

WordPress WP Cerber Security plugin <= 9.4 - IP Protection Bypass vulnerability

IP Protection Bypass vulnerability discovered by chihyu in WordPress Plugin WP Cerber Security versions = 9.4...

5.3CVSS7AI score0.00347EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/09/02 12:0 a.m.18 views

WordPress WP Cerber Security Plugin <= 9.4 is vulnerable to Bypass Vulnerability

Software WP Cerber Security Type Plugin Vulnerable versions = 9.4 Fixed in 9.5 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2022-4100 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e81948cda6a5 Credits chihyu Required privilege...

5.3CVSS6.6AI score0.00347EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/08/31 9:15 a.m.19 views

CVE-2022-4100

The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the...

5.3CVSS0.00347EPSS
Exploits0References2
OSV
OSV
added 2024/08/31 9:15 a.m.5 views

CVE-2022-4100

The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the...

5.3CVSS5.7AI score0.00347EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/31 8:35 a.m.8 views

CVE-2022-4100 WP Cerber Security <= 9.4 - IP Protection Bypass

The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the...

5.3CVSS6.7AI score0.00347EPSS
Exploits0References2
CVE
CVE
added 2024/08/31 8:35 a.m.61 views

CVE-2022-4100

CVE-2022-4100 affects the WP Cerber Security, Anti-spam & Malware Scan WordPress plugin. It allows an IP Protection bypass in all versions up to and including 9.4 by relying on the visitor IP check, enabling an attacker whose IP is blocked to bypass the block by sending X-Forwarded-For: . The con...

5.3CVSS5.5AI score0.00347EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/08/31 12:0 a.m.3 views

WordPress plugin WP Cerber Security 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.3CVSS6.6AI score0.00347EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2024/04/17 10:57 a.m.68 views

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware

Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber aka C3RB3R ransomware. The attacks leverage CVE-2023-22518 CVSS score: 9.1, a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated...

10CVSS9.6AI score0.99999EPSS
Exploits14
Rows per page
Query Builder