Products
WP Cerber Security plugin for WordPress
- up to 9.4
Source
security@wordfence.com
CVE-2022-4100 details
Published : Aug. 31, 2024, 9:15 a.m.
Last Modified : Aug. 31, 2024, 9:15 a.m.
Description
The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to and including 9.4 because the plugin improperly checks for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For HTTP header to an IP address that hasn't been blocked.
CVSS Score
5.3
Weakness
Weakness | Name | Description |
---|---|---|
CWE-693 | Protection Mechanism Failure | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
CVSS Data
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | LOW |
Availability Impact | NONE |
Base Score | 5.3 |
Exploitability Score | 3.9 |
Impact Score | 1.4 |
Base Severity | MEDIUM |
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
References
URL | Source |
---|---|
https://plugins.trac.wordpress.org/changeset/2865322/wp-cerber/trunk/cerber-common.php | security@wordfence.com |
https://www.wordfence.com/threat-intel/vulnerabilities/id/03ccd474-42f4-4cbb-823e-93fe4db1bf80?source=cve | security@wordfence.com |