2 matches found
CVE-2021-37598
WP Cerber before 8.9.3 has a broken access control in the /wp-json endpoint caused by improper handling of a trailing ? character, allowing unauthorized access to protected REST API endpoints. Affected software: WP Cerber versions prior to 8.9.3. The root cause is a bypass of the access control f...
CVE-2021-37597
CVE-2021-37597 affects WordPress WP Cerber plugin versions prior to 8.9.3, where MFA can be bypassed by manipulating the wordpress_logged_in_[hash] value. The issue is described in multiple sources as a 2FA bypass vulnerability with high impact. A fix is available in version 8.9.3 and later; upgr...