cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-4100,https://securityvulnerability.io/vulnerability/CVE-2022-4100,IP Protection Bypass Vulnerability in WP Cerber Security Plugin,"The WP Cerber Security plugin for WordPress exhibits a vulnerability that compromises its IP Protection feature, enabling attackers to circumvent restrictions. This flaw arises from the plugin's failure to adequately verify a visitor's IP address, allowing individuals with blocked IPs to exploit the X-Forwarded-For HTTP header. By spoofing an allowed IP address in the header, unauthorized users can potentially gain access to resources that should be restricted. The vulnerability affects all versions of the WP Cerber Security plugin up to and including 9.4, posing a significant risk for WordPress sites relying on this security measure.",Wordpress,"WP Cerber Security, Anti-spam & Malware Scan",5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-08-31T08:35:05.543Z,0
CVE-2022-4712,https://securityvulnerability.io/vulnerability/CVE-2022-4712,Stored Cross-Site Scripting in WP Cerber Security Plugin for WordPress,"The WP Cerber Security plugin for WordPress is susceptible to a stored cross-site scripting vulnerability through the log parameter during user login. This issue affects versions up to and including 9.1, allowing unauthenticated attackers to insert arbitrary scripts. The malicious scripts are executed whenever users access the compromised pages, potentially leading to session hijacking, data theft, or other harmful consequences.",Wordpress,"WP Cerber Security, Anti-spam & Malware Scan",7.2,HIGH,0.0007600000244565308,false,,false,false,false,,false,false,2023-10-20T06:35:32.603Z,0
CVE-2022-4417,https://securityvulnerability.io/vulnerability/CVE-2022-4417,WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API,"The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users",Wordpress,"WP Cerber Security, Anti-spam & Malware Scan",5.3,MEDIUM,0.0009500000160187483,false,,false,false,false,,false,false,2023-01-02T21:49:26.726Z,0
CVE-2022-2939,https://securityvulnerability.io/vulnerability/CVE-2022-2939,WP Cerber Security <= 9.0 - User Enumeration Bypass,"The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the ~/cerber-load.php file. In vulnerable versions, the plugin only blocks requests if the value supplied is numeric, making it possible for attackers to supply additional non-numeric characters to bypass the protection. The non-numeric characters are stripped and the user requested is displayed. This can be used by unauthenticated attackers to gather information about users that can targeted in further attacks.",Wordpress,"WP Cerber Security, Anti-spam & Malware Scan",5.3,MEDIUM,0.0006099999882280827,false,,false,false,false,,false,false,2022-09-06T17:19:01.000Z,0
CVE-2022-0429,https://securityvulnerability.io/vulnerability/CVE-2022-0429,"WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Unauthenticated Stored Cross-Site Scripting","The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability.",Wordpress,"WP Cerber Security, Anti-spam & Malware Scan",6.1,MEDIUM,0.0013200000394135714,false,,false,false,false,,false,false,2022-03-07T08:16:37.000Z,0