WordPress Plugin Vulnerabilities

WP Cerber Security < 9.1 - Username Enumeration Bypass

Description

The plugin does not properly validate the author was blocking request trying to enumerate usernames, which could allow attackers to bypass the protection offered

Affects Plugins

Plugin icon
wp-cerber
Fixed in 9.1

References

CVE
CVE-2022-2939

Miscellaneous

Original Researcher
Margaux DABERT
Verified
No
WPVDB ID
b69b1620-96ac-464f-928a-11f0c8694e8c

Timeline

Publicly Published
2022-09-02 (about 3 years ago)
Added
2022-09-02 (about 3 years ago)
Last Updated
2022-09-02 (about 3 years ago)

Other

Published
Title
Published
2024-05-28
Title
Login with phone number < 1.7.27 - Authentication Bypass due to Missing Empty Value Check
Published
2020-02-22
Title
CardGate < 3.1.16 - Unauthorised Payments Hijacking and Order Status Spoofing
Published
2020-02-25
Title
Pricing Table by Supsystic < 1.8.2 - Insecure Permissions on AJAX Actions
Published
2017-03-17
Title
BuddyPress Docs <= 1.9.2 - Authenticated Lack of Authorisation
Published
2014-08-01
Title
WordPress - Plupload Unspecified Cross-Site Scripting (XSS)