The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header.
6.1CVSS
6AI Score
0.001EPSS
The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-F...
5.3CVSS
5.2AI Score
0.0005EPSS