6.5
CVE-2022-1663
- EPSS 0.53%
- Veröffentlicht 29.08.2022 18:15:08
- Zuletzt bearbeitet 21.11.2024 06:41:12
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginStop Spam Comments <= 0.2.1.2 - Access Token Bypass
Stop Spam Comments <= 0.2.1.2 - Protection Mechanism Bypass
The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request.
Mögliche Gegenmaßnahme
Stop Spam Comments: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Stop Spam Comments Project ≫ Stop Spam Comments SwPlatformwordpress Version <= 0.2.1.2
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Stop Spam Comments
Version
*-0.2.1.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.402 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://wpscan.com/vulnerability/30820be1-e96a-4ff6-b1ec-efda14069e70
https://www.wordfence.com/threat-intel/vulnerabilities/id/62061cf9-cdbf-4cb2-9890-36bdcbc65c21