3 matches found
WP Cerber < 8.9.3 - Broken Access Control
WP Cerber 8.9.3 contains a bypass of /wp-json access control caused by improper handling of trailing '?' character, letting unauthorized users access protected REST API endpoints, exploit requires sending a request with a trailing '?'. id: CVE-2021-37598 info: name: WP Cerber 8.9.3 - Broken Acces...
CVE-2021-37598
WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character...
CVE-2021-37598
WP Cerber before 8.9.3 has a broken access control in the /wp-json endpoint caused by improper handling of a trailing ? character, allowing unauthorized access to protected REST API endpoints. Affected software: WP Cerber versions prior to 8.9.3. The root cause is a bypass of the access control f...