Vulnerabilities > Wpcerber
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-19 | CVE-2021-37597 | Improper Authentication vulnerability in Wpcerber WP Cerber WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation. | 7.5 |
| 2021-08-19 | CVE-2021-37598 | Incorrect Authorization vulnerability in Wpcerber WP Cerber WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character. | 5.0 |
| 2019-09-17 | CVE-2016-10990 | Cross-site Scripting vulnerability in Wpcerber Cerber Security Antispam & Malware Scan 2.0.1.6 The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header. | 4.3 |