The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to and including 9.4 because the plugin improperly determines a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For HTTP header to an IP address that has not been blocked.
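As an added example (not code from the WP Cerber plugin), the address lookup pattern the advisory describes, placed beside a hardened lookup that only honours X-Forwarded-For when the connecting peer is a proxy the operator controls; the trusted-proxy list, block list and request addresses are constructed for the demonstration.

```php
<?php
// Added example, not code from the WP Cerber plugin. Illustrates the defect the
// advisory describes (trusting X-Forwarded-For from any client) next to a hardened
// lookup that only honours the header when it was set by a proxy we operate.

// Pattern to avoid: the header is client-controlled, so any blocked visitor can
// choose the address the block list is checked against.
function client_ip_naive(array $server): string {
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        $hops = explode(',', $server['HTTP_X_FORWARDED_FOR']);
        return trim($hops[0]);
    }
    return $server['REMOTE_ADDR'];
}

// Hardened: REMOTE_ADDR is the socket peer and cannot be set by a header.
// Only when that peer is a trusted proxy (hypothetical list, configured by the
// operator) do we read the chain, right to left, skipping our own proxies, so the
// result is the last hop that we did not append ourselves.
function client_ip_trusted(array $server, array $trusted_proxies): string {
    $peer = $server['REMOTE_ADDR'];
    if (!in_array($peer, $trusted_proxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    for ($i = count($hops) - 1; $i >= 0; $i--) {
        if (filter_var($hops[$i], FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed chain: fall back to the socket address
        }
        if (!in_array($hops[$i], $trusted_proxies, true)) {
            return $hops[$i];
        }
    }
    return $peer; // every hop was one of our proxies
}

function is_blocked(string $ip, array $blocklist): bool {
    return in_array($ip, $blocklist, true);
}

// Constructed request: a blocked host connects directly (no proxy in front) and
// sends a header naming an address that is not on the block list.
$blocklist = ['203.0.113.7'];
$request   = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.9'];

$naive = client_ip_naive($request);                 // header value wins: block check is bypassed
$hard  = client_ip_trusted($request, ['10.0.0.2']); // peer is not a trusted proxy: socket address wins
printf("naive:    %-14s blocked=%s\n", $naive, is_blocked($naive, $blocklist) ? 'yes' : 'no');
printf("hardened: %-14s blocked=%s\n", $hard, is_blocked($hard, $blocklist) ? 'yes' : 'no');
```

The same trusted-proxy rule applies to the other forwarding headers a reverse proxy may set (for example X-Real-IP): none of them should be read when the request did not arrive from a known proxy.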
History

Fri, 20 Sep 2024 00:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Wpcerber
                                      Wpcerber cerber Security Antispam & Malware Scan
Weaknesses                            NVD-CWE-noinfo
CPEs                                  cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:*:*:*:*:*:wordpress:*:*
Vendors & Products                    Wpcerber
                                      Wpcerber cerber Security Antispam & Malware Scan

Tue, 03 Sep 2024 15:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Gioni
                                      Gioni wp Cerber Security
CPEs                                  cpe:2.3:a:gioni:wp_cerber_security:*:*:*:*:*:*:*:*
Vendors & Products                    Gioni
                                      Gioni wp Cerber Security
Metrics                               ssvc
                                      {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 31 Aug 2024 08:45:00 +0000

Type                 Values Removed   Values Added
Description                           The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to and including 9.4 because the plugin improperly determines a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For HTTP header to an IP address that has not been blocked.
Title                                 WP Cerber Security <= 9.4 - IP Protection Bypass
Weaknesses                            CWE-693
References
Metrics                               cvssV3_1
                                      {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-08-31T08:35:05.543Z

Updated: 2024-09-03T14:25:08.791Z

Reserved: 2022-11-21T13:22:19.996Z

Link: CVE-2022-4100

Vulnrichment

Updated: 2024-09-03T14:25:01.267Z

NVD

Status: Analyzed

Published: 2024-08-31T09:15:03.720

Modified: 2024-09-20T00:08:09.787

Link: CVE-2022-4100

Redhat

No data.