WP Cerber Security 8.9.3
This is a security update. If you use two-factor authentication (2FA), please install this version ASAP.
Improvements
- The scanner: checksums generated from manually uploaded ZIP archives now have priority over the remote ones. This is crucial if a plugin that was installed from a vendor website is located in the same folder as the free plugin on wordpress.org.
- You can configure exceptions for WP Cerber’s anti-spam by disabling its code on selected WordPress pages. The list of pages is specified with a new PHP constant, CERBER_DISABLE_SPAM_FILTER, that you need to add to the wp-config.php file. This helps to avoid conflicts with third-party forms that are loaded from and processed on third-party websites. Use a comma-separated string of post/page IDs. If the constant is configured, you will see the list of pages on the anti-spam settings admin page.
- New diagnostic messages were added to make it easier to troubleshoot issues with ZIP archives uploaded in the scanner.
Fixes
- A vulnerability that affects the two-factor authentication (2FA) mechanism has been fixed (CVE-2021-37597).
- Fixed a bug that prevented uploading ZIP archives on the scan results page if the filename contained multiple dots. When attempting to upload a valid ZIP archive, the plugin showed the “Incorrect file format” error message.
- Fixed: the admin message “Error: Sorry, that username is not allowed.” was wrongly displayed on the user edit page when updating users with prohibited usernames.
- Fixed: malformed REST API requests with a question mark in this format were not detected: /wp-json? (CVE-2021-37598)
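For sites that ran an earlier version, one way to review web server access logs for requests in the /wp-json? format named in the last fix. This is an added example, not WP Cerber code; the combined log format, the function names and the sample lines are assumptions constructed for illustration, and a match is a candidate for review, not proof of abuse.

```python
import re
from collections import Counter

# Combined Log Format (assumed): ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_bare_wp_json_query(target):
    """True when the path ends in /wp-json and a '?' follows it directly."""
    path, sep, _query = target.partition("?")
    return sep == "?" and path.lower().endswith("/wp-json")

def find_candidates(lines):
    """Return (ip, time, method, target, status) for each matching request."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_bare_wp_json_query(m["target"]):
            hits.append((m["ip"], m["time"], m["method"],
                         m["target"], int(m["status"])))
    return hits

def hits_per_client(hits):
    """Count matching requests per client address to prioritise review."""
    return Counter(hit[0] for hit in hits)

# Constructed sample lines: documentation IP ranges, placeholder query strings.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Aug/2021:10:15:01 +0000] '
    '"GET /wp-json?example=1 HTTP/1.1" 200 5123 "-" "-"',
    '198.51.100.4 - - [02/Aug/2021:10:15:09 +0000] '
    '"GET /wp-json/wp/v2/posts?per_page=5 HTTP/1.1" 200 8841 "-" "-"',
    '203.0.113.7 - - [02/Aug/2021:10:16:30 +0000] '
    '"GET /blog/wp-json? HTTP/1.1" 403 312 "-" "-"',
    '192.0.2.10 - - [02/Aug/2021:10:17:02 +0000] '
    '"GET /index.php?page=wp-json HTTP/1.1" 200 2040 "-" "-"',
]

if __name__ == "__main__":
    found = find_candidates(SAMPLE_LOG)
    for hit in found:
        print(*hit)
    print(dict(hits_per_client(found)))
```

Regular REST routes such as /wp-json/wp/v2/posts?per_page=5 are not flagged, because the question mark does not follow /wp-json directly.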
Have any questions?
If you have questions regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered here: G2.COM/WPCerber.