WordPress Plugin Vulnerabilities

WP Cerber Security < 8.9.3 - Rest-API Protection Bypass

Description

The /wp-json REST API endpoint is by default blocked by WP Cerber from accessing its information. However, by appending a ?, the access control list protections are bypassed and data can then be retrieved from it

Affects Plugins

Plugin icon
wp-cerber
Fixed in 8.9.3

References

CVE
CVE-2021-37598
URL
https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0024/FEYE-2021-0024.md

Miscellaneous

Original Researcher
lyass El Hadi, Mandiant
Verified
No
WPVDB ID
0c06abf1-f01f-4268-a105-02b1327427cf

Timeline

Publicly Published
2021-08-19 (about 4 years ago)
Added
2021-08-19 (about 4 years ago)
Last Updated
2022-03-07 (about 4 years ago)

Other

Published
Title
Published
2022-01-31
Title
Blackhole for Bad Bots < 3.3.2 - Arbitrary IP Address Blocking via IP Spoofing
Published
2020-10-29
Title
WordPress < 5.5.2 - Disable Spam Embeds from Disabled Sites on a Multisite Network
Published
2020-05-26
Title
Drag and Drop Multiple File Upload for Contact Form 7 < 1.3.3.3 - Unauthenticated File Upload Bypass
Published
2026-02-06
Title
Advanced Country Blocker <= 2.3.1 - Unauthenticated Authorization Bypass
Published
2016-12-31
Title
XCloner - Backup and Restore < 3.1.5 - Authenticated Path Traversal