WordPress · Wp Cerber Security · CVE-2022-4417
**Name of the Vulnerable Software and Affected Versions**
WP Cerber Security, Anti-spam & Malware Scan WordPress plugin versions prior to 9.3.3
**Description**
The issue concerns improper access control to the REST API users endpoint when the blog is in a subdirectory. This could allow attackers to bypass restrictions and list users.
**Recommendations**
For versions prior to 9.3.3, update to version 9.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API users endpoint until the update is applied.