Vulnerability Details CVE-2022-4100
The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including, 9.4 because the plugin improperly checks for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For HTTP header to an IP address that hasn't been blocked.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.6%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2022-4100
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:-
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:2.0.1.6
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:2.7
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:6.2
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:6.5
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:6.7
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:6.7.5
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:7.0
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:7.2
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:7.5
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:7.6
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:7.7
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:7.8
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:7.8.5
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:7.9
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:7.9.3
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:7.9.7
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:8.0
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:8.1
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:8.2
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:8.3
- cpe:2.3:a:wpcerber:cerber_security_antispam_&_malware_scan:8.4