Vulnerabilities > Cerber

DATE CVE VULNERABILITY TITLE RISK
2023-10-20 CVE-2022-4712 Cross-site Scripting vulnerability in Cerber WP Cerber Security, Anti-Spam & Malware Scan
The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1.
network
low complexity
cerber CWE-79
6.1
2023-01-02 CVE-2022-4417 Unspecified vulnerability in Cerber WP Cerber Security, Anti-Spam & Malware Scan
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users
network
low complexity
cerber
5.3
2022-03-07 CVE-2022-0429 Cross-site Scripting vulnerability in Cerber WP Cerber Security, Anti-Spam & Malware Scan
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability.
network
cerber CWE-79
4.3