PT-2024-11638 · WordPress · Wp Cerber Security
Chihyu · Published 2024-08-31 · Updated 2024-09-20 · CVE-2022-4100
CVSS v3.1: 5.3 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WP Cerber Security plugin for WordPress versions up to, and including 9.4
Description
The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For HTTP header to an IP address that hasn't been blocked.
Recommendations
For versions up to, and including 9.4, update to a version that properly checks for a visitor's IP address to prevent IP Protection bypass.
As a temporary workaround, consider restricting access to the X-Forwarded-For HTTP header to minimize the risk of exploitation.
Fix
Weakness Enumeration
Protection Mechanism Failure
Related Identifiers
Affected Products
Wp Cerber Security
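The following PHP is an added illustration of the defect class this advisory describes and of the check the recommendations call for; it is written for this page and is not code from the WP Cerber Security plugin or from its fix. It contrasts a visitor-IP lookup that trusts X-Forwarded-For unconditionally with one that honours the header only when the connecting peer is an operator-controlled proxy. The function names, the block list, the trusted-proxy list and the two sample requests are all assumptions constructed for the example.

```php
<?php
// Added illustration for the CVE-2022-4100 advisory. Not the WP Cerber
// Security plugin's code and not its actual fix: it models the defect class
// (deriving the visitor IP from a client-controlled X-Forwarded-For header)
// beside a hardened lookup. All names and lists below are assumptions.

// Constructed block list (assumption): addresses an administrator has banned.
const BLOCKED_IPS = ['203.0.113.7'];

// Constructed trusted-proxy list (assumption): only these REMOTE_ADDR values
// are allowed to speak for the real client through X-Forwarded-For.
const TRUSTED_PROXIES = ['10.0.0.5'];

/**
 * Vulnerable pattern: prefer X-Forwarded-For whenever it is present.
 * Any client can send that header, so the "visitor IP" becomes whatever
 * the client chooses, and a block on REMOTE_ADDR is never consulted.
 */
function visitor_ip_vulnerable(array $server): string
{
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        // First hop of the list, taken at face value.
        $parts = explode(',', $server['HTTP_X_FORWARDED_FOR']);
        return trim($parts[0]);
    }
    return $server['REMOTE_ADDR'];
}

/**
 * Hardened pattern: honour X-Forwarded-For only when the TCP peer
 * (REMOTE_ADDR) is a proxy we operate, walk the chain from the right so
 * that only hops appended by trusted proxies are skipped, and validate
 * the result as an IP literal. Otherwise REMOTE_ADDR is the visitor.
 */
function visitor_ip_hardened(array $server): string
{
    $peer = $server['REMOTE_ADDR'];
    if (!in_array($peer, TRUSTED_PROXIES, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    // The rightmost entry was appended by the trusted proxy that reached us.
    // Strip any further trusted proxies from the right; the next hop is the
    // first address that a proxy we control actually observed.
    while (count($hops) > 1 && in_array(end($hops), TRUSTED_PROXIES, true)) {
        array_pop($hops);
    }
    $candidate = end($hops);
    if (filter_var($candidate, FILTER_VALIDATE_IP) === false) {
        return $peer; // malformed header: fall back to the peer, do not trust it
    }
    return $candidate;
}

function is_blocked(string $ip): bool
{
    return in_array($ip, BLOCKED_IPS, true);
}

// Constructed requests (assumption), as PHP would present them in $_SERVER:
// a blocked client connecting directly while supplying its own header, and
// the same blocked client arriving through the trusted proxy.
$direct  = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.9'];
$proxied = ['REMOTE_ADDR' => '10.0.0.5',    'HTTP_X_FORWARDED_FOR' => '203.0.113.7'];

foreach (['vulnerable' => 'visitor_ip_vulnerable', 'hardened' => 'visitor_ip_hardened'] as $label => $fn) {
    foreach (['direct' => $direct, 'proxied' => $proxied] as $name => $req) {
        $ip = $fn($req);
        printf("%-10s %-8s visitor=%-14s blocked=%s\n", $label, $name, $ip, is_blocked($ip) ? 'yes' : 'no');
    }
}
```

In the direct case the vulnerable lookup reports the header value and the block list never matches, which is the bypass the description states; the hardened lookup ignores the header because the peer is not a trusted proxy and the block applies. In the proxied case both lookups agree, so the hardened version loses nothing for legitimately proxied traffic. The advisory's temporary workaround, restricting access to the X-Forwarded-For header, corresponds to having the edge proxy overwrite or drop any client-supplied value before the request reaches the application, which makes the header trustworthy by construction rather than by code.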