CVE-2022-4100

EPSS 0.13%
Published 31.08.2024 09:15:03
Last modified 20.09.2024 00:08:09
Source security@wordfence.com
Teams watchlist Login
Open Login

The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For: HTTP header to an IP Address that hasn't been blocked.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Wpcerber ≫ Cerber Security Antispam & Malware Scan SwPlatformwordpress Version < 9.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.333

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
security@wordfence.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://plugins.trac.wordpress.org/changeset/2865322/wp-cerber/trunk/cerber-common.php

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/03ccd474-42f4-4cbb-823e-93fe4db1bf80?source=cve

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-4100

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4100

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4100

EUVD