← voltar
CVE-2022-4100

WP Cerber Security <= 9.4 - IP Protection Bypass

CVSS 5.3 MEDIUMEPSS 0.3%CWE-693
The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For: HTTP header to an IP Address that hasn't been blocked.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Produtos afetados
gioni · WP Cerber Security, Anti-spam & Malware Scan

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://plugins.trac.wordpress.org/changeset/2865322/wp-cerber/trunk/cerber-common.phphttps://www.wordfence.com/threat-intel/vulnerabilities/id/03ccd474-42f4-4cbb-823e-93fe4db1bf80?source=cve