CVE-2022-4712

Name of the Vulnerable Software and Affected Versions WP Cerber Security plugin for WordPress versions up to, and including, 9.1

Description The issue allows unauthenticated attackers to inject arbitrary web scripts in pages via the log parameter when logging in to the site. This makes it possible for attackers to execute scripts whenever a user accesses an injected page.

Recommendations For WP Cerber Security plugin for WordPress versions up to, and including, 9.1, update to a version higher than 9.1 to resolve the issue. As a temporary workaround, consider restricting access to the login page to minimize the risk of exploitation. Avoid using the log parameter in the affected login functionality until the issue is resolved.