Ilyass El Hadi - Security Researcher - Exploit Intelligence Platform

CVE-2021-37597 WRITEUP CRITICAL WRITEUP

WP Cerber < 8.9.3 - Multi-Factor Authentication Bypass via wordpress_logged_in_[hash] Manipulation

WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation.

CVSS 9.8

View Code

CVE-2021-37598 WRITEUP MEDIUM WRITEUP

WP Cerber < 8.9.3 - Unauthenticated Access Control Bypass via Trailing ? Character

WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character.

CVSS 5.3

View Code

CVE-2022-46366 WRITEUP CRITICAL WRITEUP

Apache Tapestry 3.x - Remote Code Execution via Untrusted Data Deserialization

Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies the the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry.

CVSS 9.8

View Code