WP Cerber < 8.9.3 - Broken Access Control

WP Cerber 8.9.3 contains a bypass of /wp-json access control caused by improper handling of trailing '?' character, letting unauthorized users access protected REST API endpoints, exploit requires sending a request with a trailing '?'. id: CVE-2021-37598 info: name: WP Cerber 8.9.3 - Broken Acces...

CVE-2016-10990

The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header...

CVE-2022-0429

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability...

EUVD-2021-24155

Malware in sbrugna...

EUVD-2021-24156

Malware in sbrugna...

EUVD-2022-52024

Malicious code in bioql PyPI...

CVE-2022-4100

The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the...

CVE-2022-2939

The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the /cerber-load.php file. In...

CVE-2022-4417

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...

CVE-2021-37598

WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character...

CVE-2021-37597

WP Cerber before 8.9.3 allows MFA bypass via wordpressloggedinhash manipulation...

WordPress plugin WP Cerber Security 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress WP Cerber Security, Anti-spam & Malware Scan Plugin < 9.3.3 Authorization Bypass Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cerber:wpcerbersecurity%2canti-spam%26malwarescan";...

Cross site scripting

The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute wheneve...

CVE-2022-4712

The CVE-2022-4712 entry applies to the WordPress WP Cerber Security plugin (versions up to 9.1). The vulnerability is a stored cross-site scripting (XSS) in the log parameter during login, exploitable by unauthenticated attackers. Impact: injected scripts execute in pages accessed by users, with ...

CVE-2022-4712 WP Cerber Security <= 9.1 - Unauthenticated Stored Cross-Site Scripting

The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute wheneve...

PT-2023-15174 · WordPress · Wp Cerber Security

Name of the Vulnerable Software and Affected Versions: WP Cerber Security plugin for WordPress versions up to, and including, 9.1 Description: The issue allows unauthenticated attackers to inject arbitrary web scripts in pages via the log parameter when logging in to the site. This makes it...

CVE-2022-4417

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...

Authentication flaw

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...

CVE-2022-4417 WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...