Wpcerber: Security Vulnerabilities
The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For: HTTP header to an IP Address that hasn't been blocked.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-08-31
WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation.
CVSS Score
9.8
EPSS Score
0.008
Published
2021-08-19
WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character.
CVSS Score
5.3
EPSS Score
0.003
Published
2021-08-19
The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header.
CVSS Score
6.1
EPSS Score
0.012
Published
2019-09-17