

Affected Plugin: Wordfence Security – Firewall & Malware Scan
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

The Wordfence Security – Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.6.0 via a setting on the options page due to insufficient escaping on the stored value. This makes it possible for authenticated users, with administrative privileges, to inject malicious web scripts into the setting that execute whenever a user accesses a page displaying the affected setting on sites running a vulnerable version. This is unlikely to be exploited in the wild and would require an attacker to gain access to an administrative user account or trick a site’s administrator into injecting a script into the field themself (via self XSS).

Recommended Remediation: Update to version 7.6.1, or newer.

WP Cerber Security <= 9.0 – User Enumeration Bypass
Affected Plugin: WP Cerber Security, Anti-spam & Malware Scan
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including, 9.0, which makes user enumeration possible. This is due to improper validation of the value supplied through the ‘author’ parameter found in the ~/cerber-load.php file. In vulnerable versions, the plugin only blocks requests if the value supplied is numeric, making it possible for attackers to supply additional non-numeric characters to bypass the protection. The non-numeric characters are stripped and the requested user is displayed.

Recommended Remediation: Update to version 9.1, or newer.
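The WP Cerber entry above describes a classic validate-then-normalize mismatch: the guard looks at the raw ‘author’ value, while WordPress later coerces that same value to an integer before resolving it to a user. The following PHP is an added illustration of that pattern and its fix; it is not WP Cerber’s own code, and every function name, the normalization stand-in and the sample inputs are assumptions made for this example.

```php
<?php
// Added example, not WP Cerber's code. Models the defect class described in the
// advisory: the block decision is taken on the raw parameter, but the value that
// actually selects the author is the integer WordPress derives from it.

// Hypothetical stand-in for how WordPress turns a public query var into an
// author ID (absint() semantics: intval() followed by abs()).
function normalize_author_param(string $raw): int {
    return abs(intval($raw));
}

// Vulnerable guard (hypothetical): blocks only when the raw value is numeric,
// so a value with extra non-numeric characters passes straight through.
function vulnerable_should_block(string $raw): bool {
    return is_numeric($raw);
}

// Hardened guard: decide on the value the application will actually use.
// Anything that normalizes to a positive author ID is treated as an
// enumeration attempt, whatever characters were appended to it.
function hardened_should_block(string $raw): bool {
    return normalize_author_param($raw) > 0;
}

// Constructed sample values for the 'author' parameter (not from the advisory).
$samples = ['1', '2abc', ' 3', '4.0', 'admin', '0'];

foreach ($samples as $raw) {
    printf(
        "author=%-8s vulnerable:%-5s hardened:%-5s resolves_to:%d\n",
        var_export($raw, true),
        vulnerable_should_block($raw) ? 'block' : 'allow',
        hardened_should_block($raw) ? 'block' : 'allow',
        normalize_author_param($raw)
    );
}
```

Running this shows the gap directly: '2abc' is not numeric, so the vulnerable guard allows it, yet intval() still resolves it to author 2. The general rule the hardened guard follows is to apply the same normalization the downstream code applies and only then decide whether to block; as a detection aid, requests whose ‘author’ parameter contains digits followed by non-digit characters are a reasonable thing to alert on in web server logs.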

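For the Wordfence entry above, the root cause is output escaping on a stored option rather than input validation. The PHP below is an added illustration of a settings field rendered unescaped beside its escaped form; it is not Wordfence’s code, and the option name, field name, function names and the constructed stored value are all assumptions for this example.

```php
<?php
// Added example, not Wordfence's code. Demonstrates insufficient escaping of a
// stored option value when it is written back into an options-page field.

// Constructed value standing in for an option an administrator (or an
// administrator tricked into pasting it, i.e. self-XSS) could have saved.
$stored = '"><b>injected</b>';

// Vulnerable render (hypothetical): the stored value is concatenated into an
// HTML attribute unescaped, so a double quote ends the attribute early.
function render_field_vulnerable(string $value): string {
    return '<input type="text" name="example_setting" value="' . $value . '">';
}

// Stand-in for WordPress's esc_attr(), which is unavailable outside WordPress.
// Quotes and angle brackets become entities, so the value stays inside the
// attribute no matter what it contains.
function esc_attr_standin(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened render: escape at the point of output.
function render_field_hardened(string $value): string {
    return '<input type="text" name="example_setting" value="'
        . esc_attr_standin($value) . '">';
}

echo "vulnerable: ", render_field_vulnerable($stored), "\n";
echo "hardened:   ", render_field_hardened($stored), "\n";
```

The vulnerable line emits a closed input followed by live markup, which is exactly the stored-XSS shape described above; the hardened line emits a single input whose value attribute contains the entity-encoded text. Escaping on output is the fix that holds regardless of how the value got into the database, which is why it is the right place to apply it even when the setting is also sanitized on save.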