The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For: HTTP header to an IP Address that hasn't been blocked.
References
Configurations
Configuration 1 (hide)
|
History
20 Sep 2024, 00:08
Type | Values Removed | Values Added |
---|---|---|
First Time |
Wpcerber cerber Security Antispam \& Malware Scan
Wpcerber |
|
CWE | NVD-CWE-noinfo | |
References | () https://plugins.trac.wordpress.org/changeset/2865322/wp-cerber/trunk/cerber-common.php - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/03ccd474-42f4-4cbb-823e-93fe4db1bf80?source=cve - Third Party Advisory | |
CPE | cpe:2.3:a:wpcerber:cerber_security_antispam_\&_malware_scan:*:*:*:*:*:wordpress:*:* |
03 Sep 2024, 12:59
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
31 Aug 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-31 09:15
Updated : 2024-09-20 00:08
NVD link : CVE-2022-4100
Mitre link : CVE-2022-4100
CVE.ORG link : CVE-2022-4100
JSON object : View
Products Affected
wpcerber
- cerber_security_antispam_\&_malware_scan
CWE