CVE-2021-37598 Scanner

WP Cerber is a security plugin for WordPress that provides protection against various types of attacks on WordPress websites. The plugin is widely used by website administrators and developers to enhance the security of their WordPress sites. WP Cerber's functionalities include limiting login attempts, protecting against spam, blocking malicious IP addresses, and more. It is popular among small to medium businesses as well as personal bloggers who manage WordPress sites. WP Cerber is integrated into the WordPress environment and can be managed directly from the WordPress admin dashboard. Its ease of use and comprehensive security features make it a valuable tool for securing wordPress installations.

The Broken Access Control vulnerability in WP Cerber affects versions before 8.9.3. This vulnerability allows unauthorized users to bypass access control mechanisms and access protected REST API endpoints on a WordPress site. The flaw is due to improper handling of the trailing '?' character in URL requests, which incorrectly provides API access. The potential impact of this vulnerability includes unauthorized information disclosure and further exploitation of the WordPress site. The vulnerability requires minimal effort to exploit, making it a significant risk for affected installations. WordPress site administrators are advised to update to the latest version of WP Cerber to mitigate the risk.

The vulnerability is exploited by sending a crafted HTTP request to the '/wp-json' endpoint with a trailing '?' character. This error allows unauthorized users to gain access to sensitive endpoint responses that should be protected by the plugin. Typical responses include JSON-formatted information about the website, which should be inaccessible to users without appropriate privileges. The flaw significantly compromises the security mechanism of the WP Cerber plugin, negating its protective effect over REST API endpoints. The exploitation of this vulnerability does not require authentication, hence making it easily exploitable.

When exploited, the vulnerability allows unauthorized parties to access privileged operations and information on a WordPress site. This access could lead to further attacks, such as stealing confidential data, modifying site content, or carrying out more severe exploits on the web server. If sensitive data like users' personal information is exposed, it could lead to legal and reputational damage for organizations. Therefore, addressing this issue promptly is crucial to maintain site integrity.

REFERENCES

• https://github.com/mandiant/Vulnerability-Disclosures/blob/master/FEYE-2021-0024/FEYE-2021-0024.md
• https://nvd.nist.gov/vuln/detail/CVE-2021-37598