WordPress Plugin Vulnerabilities

WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API

Description

The plugin does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users

Proof of Concept

When the "Block access to users' data via REST API" settings is enabled (wp-admin/admin.php?page=cerber-security&tab=hardening)

https://example.com/subdir//wp-json/wp/v2/users

Affects Plugins

Plugin icon
wp-cerber
Fixed in 9.3.3

References

CVE
CVE-2022-4417

Miscellaneous

Original Researcher
Abdul Muneeb
Submitter
Abdul Muneeb
Verified
Yes
WPVDB ID
a8c6b077-ff93-4c7b-970f-3be4d7971aa5

Timeline

Publicly Published
2022-12-12 (about 1 years ago)
Added
2022-12-12 (about 1 years ago)
Last Updated
2022-12-12 (about 1 years ago)

Other

Published
Title
Published
2022-12-27
Title
WP Limit Login Attempts <= 2.6.5 - IP Spoofing
Published
2022-04-07
Title
SiteGround Security < 1.2.6 - Authentication Bypass via 2-FA Authentication Setup
Published
2019-04-11
Title
YellowPencil Visual CSS Style Editor <= 7.2.0 - Unauthenticated Arbitrary Options Updates
Published
2015-09-15
Title
WordPress <= 4.3 - Publish Post & Mark as Sticky Permission Issue
Published
2022-10-31
Title
WP-Polls < 2.76.0 - IP Validation Bypass