WP Cerber Security 8.9.3
This is a security update. If you use two-factor authentication (2FA), please install this version ASAP.
Improvements
- The scanner: checksums generated from manually uploaded ZIP archives now take priority over the remote ones. This is crucial if a plugin that was installed from a vendor website is located in the same folder as the free plugin on wordpress.org.
- You can configure exceptions for WP Cerber’s anti-spam by disabling its code on selected WordPress pages. The list of pages is specified with a new PHP constant, CERBER_DISABLE_SPAM_FILTER, that you need to add to the wp-config.php file. This helps to avoid conflicts with third-party forms that are loaded from and processed on third-party websites. Use a comma-separated string of post/page IDs. Once the constant is configured, the list of pages is shown on the anti-spam settings admin page.
- New diagnostic messages were added to make it easier to troubleshoot issues with ZIP archives uploaded in the scanner.
Fixes
- A vulnerability that affects the two-factor authentication (2FA) mechanism has been fixed (CVE-2021-37597).
- Fixed a bug that prevented uploading ZIP archives on the scan results page if the filename contained multiple dots. When attempting to upload a valid ZIP archive, the plugin showed the “Incorrect file format” error message.
- Fixed: the admin message “Error: Sorry, that username is not allowed.” was wrongly displayed on the user edit page while updating users with prohibited usernames.
- Fixed: malformed REST API requests with a question mark in this format were not detected: /wp-json? (CVE-2021-37598)
Wondering what WP Cerber got in the previous version?
Review the release note for WP Cerber Security 8.9.
How to install WP Cerber on your WordPress
Enable automatic updates in the plugin settings, or follow the instructions on how to install WP Cerber if you do not have it on your website.
Have any questions?
If you have questions regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.
Spotted a bug or glitch?
We’d love to fix it! Share your bug discoveries with us here: Bug Report.