Description

WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan is prone to multiple security bypass vulnerabilities. Exploiting these issues may allow attackers to perform otherwise restricted actions and subsequently bypass user enumeration and other protection mechanisms. WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan version 8.0 is vulnerable; prior versions may also be affected.

Remediation

Ensure that protection mechanisms are properly implemented or disable the plugin until a fix is available

References

https://www.exploit-db.com/exploits/46497

https://packetstormsecurity.com/files/151906/WordPress-Cerber-8.0-Bypass.html

Related Vulnerabilities

WordPress Plugin WooCommerce Customers Manager Unspecified Vulnerability (26.6)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.75)

Apache Tomcat URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-11784)

FluxBB Use of Password Hash With Insufficient Computational Effort Vulnerability (CVE-2020-28873)

SugarCRM Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2019-17317)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass