Back to search
CVE-2022-4417
Published: Jan 2, 2023
Modified: Apr 10, 2025
PUBLISHED
Description
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users
| Vendor | Product | Versions |
|---|---|---|
Unknown | WP Cerber Security, Anti-spam & Malware Scan | affected 0 - < 9.3.3 |
References
https://wpscan.com/vulnerability/a8c6b077-ff93-4c7b-970f-3be4d7971aa5
exploit
vdb-entry
technical-description
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now