5.3
CVE-2022-2877
- EPSS 0.61%
- Veröffentlicht 16.09.2022 09:15:11
- Zuletzt bearbeitet 21.11.2024 07:01:51
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginTitan Anti-spam & Security < 7.3.1 - Protection Bypass due to IP Spoofing
Titan Anti Spam & Security <= 7.3.0 - IP Spoofing to Protection Bypass
The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.
Mögliche Gegenmaßnahme
Titan Anti-spam & Security – Brute Force Protection, 2FA & Spam Filter: Update to version 7.3.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cm-wp ≫ Titan Anti-spam & Security SwPlatformwordpress Version < 7.3.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Titan Anti-spam & Security – Brute Force Protection, 2FA & Spam Filter
Version
*-7.3.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.61% | 0.444 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68
https://www.wordfence.com/threat-intel/vulnerabilities/id/3edb95f1-aa82-4b51-957e-2039dd8624e1