CVE-2022-4712
📋 TL;DR
The WP Cerber Security plugin for WordPress versions up to 9.1 contains a stored cross-site scripting (XSS) vulnerability in the log parameter during login. Unauthenticated attackers can inject malicious scripts that execute when users view compromised pages. This affects all WordPress sites using vulnerable versions of the WP Cerber plugin.
💻 Affected Systems
- WP Cerber Security plugin for WordPress
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, perform account takeover, deface websites, or redirect users to malicious sites, potentially leading to complete site compromise.
Likely Case
Attackers inject malicious JavaScript to steal user session cookies or credentials, leading to unauthorized access to user accounts and potential privilege escalation.
If Mitigated
With proper input validation and output encoding, the malicious scripts would be neutralized, preventing execution and limiting impact to data integrity issues.
🎯 Exploit Status
The vulnerability is in a login parameter, making it easily accessible. Public proof-of-concept exists in vulnerability reports.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 9.2 and later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/wp-cerber/trunk/admin/cerber-dashboard.php?rev=2721561#L1338
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the WP Cerber Security plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 9.2+ from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Disable WP Cerber plugin
Temporarily disable the vulnerable plugin until it is patched
wp plugin deactivate wp-cerber
Implement WAF rules
Add web application firewall rules to block XSS payloads in the login (log) parameter
🧯 If You Can't Patch
- Disable the WP Cerber plugin immediately
- Implement strict Content Security Policy (CSP) headers to mitigate XSS impact
🔍 How to Verify
Check if Vulnerable:
Check WP Cerber plugin version in WordPress admin panel under Plugins > Installed Plugins
Check Version:
wp plugin get wp-cerber --field=version
Verify Fix Applied:
Verify WP Cerber plugin version is 9.2 or higher after update
📡 Detection & Monitoring
Log Indicators:
- Unusual JavaScript payloads in login/log parameters
- Multiple failed login attempts with script-like content
Network Indicators:
- HTTP requests containing script tags or JavaScript in login parameters
SIEM Query:
source="*wp-cerber*" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")
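The indicators above, turned into a small detector as an added example (not part of the original advisory or the WP Cerber project). It assumes login attempts have been exported as JSON lines with an `ip` and a `username` field (constructed sample data below) and flags login names that, after URL and HTML-entity decoding, contain the script-tag, javascript: or event-handler patterns the SIEM query looks for.

```python
import json
import re
from html import unescape
from urllib.parse import unquote_plus

# Patterns taken from the advisory's indicators (script tags, javascript: URLs,
# event-handler attributes, common tag-based vectors). They are applied after
# decoding so %3Cscript%3E and &lt;script&gt; are caught as well as <script>.
XSS_PATTERNS = [
    re.compile(r"<\s*script", re.I),
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"\bon(error|load|mouseover|focus)\s*=", re.I),
    re.compile(r"<\s*(img|svg|iframe)\b", re.I),
]


def normalize(value: str, rounds: int = 3) -> str:
    """URL-decode and HTML-entity-decode repeatedly to undo simple layered encoding."""
    for _ in range(rounds):
        decoded = unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious_login(username: str) -> bool:
    """True if the submitted login name looks like markup/script rather than a user name."""
    text = normalize(username)
    return any(p.search(text) for p in XSS_PATTERNS)


def scan_login_records(lines):
    """Return (ip, raw username) for every record whose login field matches a pattern."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)  # assumed export format: one JSON object per line
        if is_suspicious_login(rec.get("username", "")):
            hits.append((rec["ip"], rec["username"]))
    return hits


# Constructed sample records (not real data); only the 2nd and 3rd should be flagged.
SAMPLE_LOG = """
{"ts":"2022-12-20T10:01:02Z","ip":"203.0.113.5","username":"admin","result":"failed"}
{"ts":"2022-12-20T10:01:09Z","ip":"203.0.113.5","username":"<script>alert(1)</script>","result":"failed"}
{"ts":"2022-12-20T10:02:30Z","ip":"198.51.100.7","username":"%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E","result":"failed"}
{"ts":"2022-12-20T10:03:00Z","ip":"192.0.2.9","username":"o'neil","result":"failed"}
"""
```

Run `scan_login_records(SAMPLE_LOG.splitlines())` to get the two flagged source addresses; the same function works on a real export once the field names are adjusted.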
🔗 References
- https://plugins.trac.wordpress.org/browser/wp-cerber/trunk/admin/cerber-dashboard.php?rev=2721561#L1338
- https://www.wordfence.com/threat-intel/vulnerabilities/id/6cd9cbba-10b0-4fb0-ad49-4593a307a615?source=cve