cbcvebase.

Cerber Wp Cerber Security Anti-Spam Malware Scan vulnerabilities

4 known vulnerabilities affecting cerber/wp_cerber_security_anti-spam_malware_scan.

Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2022-0429P2MEDIUMCVSS 6.1ExploitedPoCfixed in 8.9.62022-03-07
CVE-2022-0429 [MEDIUM] CWE-79 CVE-2022-0429: The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability.
nvd
CVE-2022-4417P4MEDIUMCVSS 5.3fixed in 9.3.32023-01-02
CVE-2022-4417 [MEDIUM] CWE-639 CVE-2022-4417: The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly blo The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users
nvd
CVE-2022-2939P4MEDIUMCVSS 5.3≤ 9.02022-09-06
CVE-2022-2939 [MEDIUM] CWE-200 CVE-2022-2939: The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the ~/cerber-load.php file. In vulnerable versions, the plugin only blocks requests if the va
nvd
CVE-2022-4712P4MEDIUMCVSS 6.1fixed in 9.22023-10-20
CVE-2022-4712 [MEDIUM] CWE-79 CVE-2022-4712: The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
nvd
Cerber Wp Cerber Security Anti-Spam Malware Scan vulnerabilities | cvebase