Description

WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan is prone to multiple security bypass vulnerabilities. Exploiting these issues may allow attackers to perform otherwise restricted actions and subsequently bypass user enumeration and other protection mechanisms. WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan version 8.0 is vulnerable; prior versions may also be affected.

Remediation

Ensure that protection mechanisms are properly implemented or disable the plugin until a fix is available

References

https://www.exploit-db.com/exploits/46497

https://packetstormsecurity.com/files/151906/WordPress-Cerber-8.0-Bypass.html

Related Vulnerabilities

MySQL CVE-2017-10313 Vulnerability (CVE-2017-10313)

WordPress Plugin Media Tags Cross-Site Scripting (3.2.0.2)

MySQL CVE-2014-2450 Vulnerability (CVE-2014-2450)

WordPress Plugin Testimonial Cross-Site Scripting (1.5.9)

Apache Tomcat Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-5351)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass