Posted By Gregory

WP Cerber Security 8.9.3

This is a security update. If you use two-factor authentication (2FA), please install this version ASAP.


  • The scanner: checksums generated using manually uploaded ZIP archives have priority over the remote ones. It’s crucial if a plugin was installed from a vendor website located in the same folder as the free plugin on
  • You can configure exceptions for WP Cerber’s anti-spam by disabling its code on selected WordPress pages. The list of pages is specified with a new PHP constant CERBER_DISABLE_SPAM_FILTER that you need to add to the wp-config.php file. This helps to avoid conflicts with third-party forms loaded from and processed on third-party websites. Use a comma-separated string with post/page IDs. If configured, you see the list of pages on the anti-spam settings admin page.
  • New diagnostic messages were added for better troubleshooting issues with ZIP archives uploaded in the scanner.


  • A vulnerability that affects the two-factor authentication (2FA) mechanism has been fixed (CVE-2021-37597).
  • Fixed bug that prevents uploading ZIP archives on the scan results page if the filename contains multiple dots. When attempting to upload a valid ZIP archive the plugin shows the “Incorrect file format” error message.
  • Fixed admin message “Error: Sorry, that username is not allowed.” which is wrongly displayed on the user edit page while updating users with prohibited usernames.
  • Fixed: not detecting malformed REST API requests with a question mark in this format: /wp-json? (CVE-2021-37598)

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered here: G2.COM/WPCerber.

I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.

View Comments
There are currently no comments.