WordPress Plugin Vulnerabilities

WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API

Description

The plugin does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users

Proof of Concept

Affects Plugins

Plugin icon
wp-cerber
Fixed in 9.3.3

References

CVE
CVE-2022-4417

Miscellaneous

Original Researcher
Abdul Muneeb
Submitter
Abdul Muneeb
Verified
Yes
WPVDB ID
a8c6b077-ff93-4c7b-970f-3be4d7971aa5

Timeline

Publicly Published
2022-12-12 (about 3 years ago)
Added
2022-12-12 (about 3 years ago)
Last Updated
2022-12-12 (about 3 years ago)

Other

Published
Title
Published
2018-12-13
Title
WordPress <= 5.0 - Authenticated Post Type Bypass
Published
2024-01-17
Title
Getwid – Gutenberg Blocks < 2.0.5 - Captcha Bypass
Published
2016-07-06
Title
WP Maintenance Mode <= 2.0.6 - Subscriber Information Disclosure
Published
2020-08-21
Title
Contact Form - Form builder by Kali Forms < 2.1.2 - Multiple CSRF Bypass Issues
Published
2015-12-14
Title
Admin Management Xtended <= 2.4.0 - Privilege Escalation