147 matches found
WP Cerber < 8.9.3 - Broken Access Control
WP Cerber 8.9.3 contains a bypass of /wp-json access control caused by improper handling of trailing '?' character, letting unauthorized users access protected REST API endpoints, exploit requires sending a request with a trailing '?'. id: CVE-2021-37598 info: name: WP Cerber 8.9.3 - Broken Acces...
WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Cross-Site Scripting
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability. id: CVE-2022-0429 info: name: W...
CVE-2016-10990
The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header...
CVE-2022-0429
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability...
EUVD-2021-24155
Malware in sbrugna...
EUVD-2021-24156
Malware in sbrugna...
EUVD-2022-52024
Malicious code in bioql PyPI...
CVE-2022-4100
The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the...
CVE-2022-2939
The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the /cerber-load.php file. In...
CVE-2022-4417
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...
CVE-2021-37598
WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character...
CVE-2021-37597
WP Cerber before 8.9.3 allows MFA bypass via wordpressloggedinhash manipulation...
WordPress WP Cerber Security plugin <= 9.4 - IP Protection Bypass vulnerability
IP Protection Bypass vulnerability discovered by chihyu in WordPress Plugin WP Cerber Security versions = 9.4...
WordPress WP Cerber Security Plugin <= 9.4 is vulnerable to Bypass Vulnerability
Software WP Cerber Security Type Plugin Vulnerable versions = 9.4 Fixed in 9.5 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2022-4100 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e81948cda6a5 Credits chihyu Required privilege...
CVE-2022-4100
The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the...
CVE-2022-4100
The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the...
CVE-2022-4100 WP Cerber Security <= 9.4 - IP Protection Bypass
The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the...
CVE-2022-4100
CVE-2022-4100 affects the WP Cerber Security, Anti-spam & Malware Scan WordPress plugin. It allows an IP Protection bypass in all versions up to and including 9.4 by relying on the visitor IP check, enabling an attacker whose IP is blocked to bypass the block by sending X-Forwarded-For: . The con...
WordPress plugin WP Cerber Security 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber aka C3RB3R ransomware. The attacks leverage CVE-2023-22518 CVSS score: 9.1, a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated...