CVE-2022-4100

The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the...

CVE-2022-4417

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...

CVE-2022-0429

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability...

VulnCheck KEV: CVE-2022-0429

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability...

CVE-2021-37597

WP Cerber before 8.9.3 allows MFA bypass via wordpressloggedinhash manipulation...

WordPress WP Cerber 授权问题漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress WP Cerber prior to version 8.9.3, which stems from...

CVE-2016-10990

The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header...

Design/Logic Flaw

The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header...