Stored Cross-Site Scripting in WP Cerber Security Plugin for WordPress
CVE-2022-4712

7.2HIGH

Key Information:

Vendor: WordPress
Status: WP Cerber Security, Anti-spam & Malware Scan
Vendor: CVE Published:; 20 October 2023

Summary

The WP Cerber Security plugin for WordPress is susceptible to a stored cross-site scripting vulnerability through the log parameter during user login. This issue affects versions up to and including 9.1, allowing unauthenticated attackers to insert arbitrary scripts. The malicious scripts are executed whenever users access the compromised pages, potentially leading to session hijacking, data theft, or other harmful consequences.

Affected Version(s)

WP Cerber Security, Anti-spam & Malware Scan * <= 9.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/wp-cerber/trun...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 20, 2023
Vulnerability Reserved
Dec 23, 2022

Credit

Ramuel Gall