Description
WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently extract data such as users, posts, authors, and IP addresses from the WordPress REST API. WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan version 8.9 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 8.9.3 or latest
References
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/FEYE-2021-0024/FEYE-2021-0024.md
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/FEYE-2021-0023/FEYE-2021-0023.md
https://plugins.svn.wordpress.org/wp-cerber/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Tutor LMS-eLearning and online course solution SQL Injection (2.6.1)
WordPress 2.8.2 Multiple Security Bypass Vulnerabilities (2.0 - 2.8.2)
WordPress Plugin Ultimate Profile Builder By CMSHelpLive Multiple Vulnerabilities (2.3.3)
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2043)