Description
WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently extract data such as users, posts, authors, and IP addresses from the WordPress REST API. WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan version 8.9 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 8.9.3 or latest
References
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/FEYE-2021-0024/FEYE-2021-0024.md
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/FEYE-2021-0023/FEYE-2021-0023.md
https://plugins.svn.wordpress.org/wp-cerber/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Testimonial WordPress-AP Custom Testimonial Unspecified Vulnerability (1.4.7)
WordPress Plugin W3 Total Cache PHP Code Injection (0.9.2.8)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2603)
WordPress Plugin Another WordPress Classifieds Multiple Vulnerabilities (2.2.1)