| CVE | CVE-2022-4417 |
|---|---|
| CVSS | Medium (5.3) |
| Publicly Published | December 12, 2022 |
| Last Updated | January 22, 2024 |
| Researcher |
Abdul Muneeb
|
The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.3.2, that makes user enumeration possible via the REST API. This is due the plugin not blocking access to the user endpoint when the plugin resides within a subdirectory. This can be used by unauthenticated attackers to gather information about users that can targeted in further attacks.
References| Software Type | Plugin |
|---|---|
| Software Slug | wp-cerber (view on wordpress.org) |
| Patched? | Yes |
| Affected Version |
|
| Patched Version |
|
Copyright 2012-2026 Defiant Inc.
License: Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.
License Detail.