Description
WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently extract data such as users, posts, authors, and IP addresses from the WordPress REST API. WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan version 8.9 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 8.9.3 or latest
References
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/FEYE-2021-0024/FEYE-2021-0024.md
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/FEYE-2021-0023/FEYE-2021-0023.md
https://plugins.svn.wordpress.org/wp-cerber/trunk/readme.txt
Related Vulnerabilities
MySQL Other Vulnerability (CVE-2016-0705)
WordPress Plugin Responsive Menu-Create Mobile-Friendly Menu Multiple Vulnerabilities (4.0.3)
Moodle Incorrect Default Permissions Vulnerability (CVE-2012-1157)
WordPress Plugin Baggage Freight Shipping Australia Arbitrary File Upload (0.1.0)
WordPress MU 'wp-admin/wpmu-blogs.php' Multiple Cross-Site Scripting Vulnerabilities (1.0 - 2.5.1)