CVE-2022-4712
- EPSS 0.71%
- Veröffentlicht 20.10.2023 07:15:14
- Zuletzt bearbeitet 21.11.2024 07:35:47
The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary...
CVE-2022-2939
- EPSS 0.41%
- Veröffentlicht 06.09.2022 18:15:15
- Zuletzt bearbeitet 21.11.2024 07:01:57
The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' paramete...
CVE-2022-0429
- EPSS 0.45%
- Veröffentlicht 07.03.2022 09:15:09
- Zuletzt bearbeitet 21.11.2024 06:38:36
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting...