23 matches found
CVE-2022-0429
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability...
CVE-2022-4100
The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the...
CVE-2022-2939
The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the /cerber-load.php file. In...
CVE-2022-4417
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...
WordPress plugin WP Cerber Security security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress WP Cerber Security, Anti-spam & Malware Scan Plugin < 9.3.3 Authorization Bypass Vulnerability
Cross site scripting
The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute wheneve...
CVE-2022-4712
The CVE-2022-4712 entry applies to the WordPress WP Cerber Security plugin (versions up to 9.1). The vulnerability is a stored cross-site scripting (XSS) in the log parameter during login, exploitable by unauthenticated attackers. Impact: injected scripts execute in pages accessed by users, with ...
CVE-2022-4712 WP Cerber Security <= 9.1 - Unauthenticated Stored Cross-Site Scripting
The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute wheneve...
PT-2023-15174 · WordPress · Wp Cerber Security
Name of the Vulnerable Software and Affected Versions: WP Cerber Security plugin for WordPress versions up to, and including, 9.1 Description: The issue allows unauthenticated attackers to inject arbitrary web scripts in pages via the log parameter when logging in to the site. This makes it...
Authentication flaw
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...
CVE-2022-4417
CVE-2022-4417 affects the WordPress plugin WP Cerber Security, Anti-spam & Malware Scan older than 9.3.3. The issue is improper access control of the REST API users endpoint when the blog is hosted in a subdirectory, enabling potential user enumeration. The practical impact is limited to informat...
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress WP Cerber Security 9.0 and prior versions, which stems from incorrect validation of the value provided for the author parameter in the ~/cerber-load.php file. An attacker can exploit the vulnerability to launch a user enumeration attack.
FlyteAdmin is the open-source control plane for Flyte. It is responsible for managing entities (tasks, workflows, launch plans) and for managing workflow execution. An information disclosure vulnerability exists in Flyte FlyteAdmin versions prior to 1.1.44, which stems from the fact that users who enable the...
CVE-2022-2939 WP Cerber Security <= 9.0 - User Enumeration Bypass
The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the /cerber-load.php file. In...
CVE-2022-2939
CVE-2022-2939 affects the WP Cerber Security plugin for WordPress up to version 9.0. The vulnerability arises from improper validation of the author parameter in cerber-load.php, where non-numeric input can bypass the numeric-only protection, enabling user enumeration by unauthenticated attackers...
WordPress WP Cerber Security, Anti-spam & Malware Scan Plugin < 8.9.6 XSS Vulnerability
CVE-2022-0429 WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Unauthenticated Stored Cross-Site Scripting
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability...
CVE-2022-0429
CVE-2022-0429 affects the WordPress plugin “WP Cerber Security, Anti-spam & Malware Scan”