CVE-2022-4417

Name of the Vulnerable Software and Affected Versions WP Cerber Security, Anti-spam & Malware Scan WordPress plugin versions prior to 9.3.3

Description The issue concerns improper access control to the REST API users endpoint when the blog is in a subdirectory. This could allow attackers to bypass restrictions and list users.

Recommendations For versions prior to 9.3.3, update to version 9.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API users endpoint until the update is applied.