VYPR

wp-cerber

by WordPress

CVEs (3)

  • CVE-2021-37597CriAug 19, 2021
    risk 0.64cvss 9.8epss 0.02

    WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation.

  • CVE-2016-10990MedSep 17, 2019
    risk 0.40cvss 6.1epss 0.01

    The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header.

  • CVE-2021-37598MedAug 19, 2021
    risk 0.35cvss 5.3epss 0.02

    WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character.