The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For: HTTP header to an IP Address that hasn't been blocked.
Metrics
Affected Vendors & Products
References
History
Fri, 20 Sep 2024 00:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Wpcerber
Wpcerber cerber Security Antispam \& Malware Scan |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:wpcerber:cerber_security_antispam_\&_malware_scan:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Wpcerber
Wpcerber cerber Security Antispam \& Malware Scan |
Tue, 03 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Gioni
Gioni wp Cerber Security |
|
CPEs | cpe:2.3:a:gioni:wp_cerber_security:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gioni
Gioni wp Cerber Security |
|
Metrics |
ssvc
|
Sat, 31 Aug 2024 08:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For: HTTP header to an IP Address that hasn't been blocked. | |
Title | WP Cerber Security <= 9.4 - IP Protection Bypass | |
Weaknesses | CWE-693 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-08-31T08:35:05.543Z
Updated: 2024-09-03T14:25:08.791Z
Reserved: 2022-11-21T13:22:19.996Z
Link: CVE-2022-4100
Vulnrichment
Updated: 2024-09-03T14:25:01.267Z
NVD
Status : Analyzed
Published: 2024-08-31T09:15:03.720
Modified: 2024-09-20T00:08:09.787
Link: CVE-2022-4100
Redhat
No data.