PT-2022-14032 · WordPress · Stop Comment Spam
Daniel Ruf · Published 2022-08-29 · Updated 2022-09-01
CVE-2022-1663
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Stop Spam Comments WordPress plugin, versions 0.2.1.2 and earlier
Description
The issue arises from the improper generation of the JavaScript access token that is intended to prevent abuse of the comment section. Because the token is not generated securely, an attacker can easily collect its value and add it to a comment request, bypassing the intended protection and potentially leading to unauthorized access to or manipulation of comments.
Recommendations
For versions 0.2.1.2 and earlier, consider disabling the comment section or restricting access to it until a proper fix is available. As a temporary workaround, restrict the use of the JavaScript access token to minimize the risk of exploitation.
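As an added illustration of the weakness class described above and of the hardening a plugin author would want, the following is example code written for this page; it is not the Stop Spam Comments plugin's code and not the vendor's fix, and every function name, the transient key prefix, the AJAX action name and the 300-second lifetime are assumptions. A token that is simply printed into the page is readable by any client that fetches the HTML, so the hardened version issues tokens only through an AJAX call that the browser's JavaScript must make, binds each token to the post with an HMAC under a server-side secret, expires it after a few minutes, and consumes it on first use so it cannot be replayed.

```php
<?php
/*
 * Illustrative comment-token hardening (added example, not the plugin's code).
 * Assumptions: this file is loaded as a WordPress plugin, and a small
 * JavaScript file (not shown) POSTs to admin-ajax.php with
 * action=example_comment_token and post_id, then copies the returned token
 * into the hidden field "example_comment_token" before the form is submitted.
 */

// --- Weak pattern (the class of flaw in the advisory), shown only for contrast ---
// A fixed value emitted into every page: identical for every visitor, never
// expires, and readable by any client that fetches the HTML.
function example_weak_token() {
    return 'static-token';
}

// --- Hardened pattern ---
const EXAMPLE_TOKEN_TTL = 300; // seconds a token stays valid (assumed value)

function example_token_secret() {
    // Site-specific secret derived from the salts in wp-config.php.
    return wp_salt('nonce');
}

function example_issue_token($post_id) {
    $ts  = time();
    $id  = bin2hex(random_bytes(8));               // unpredictable per-token id
    $mac = hash_hmac('sha256', "$post_id|$ts|$id", example_token_secret());
    // Remember the id so the token can be consumed exactly once.
    set_transient("example_ct_$id", (int) $post_id, EXAMPLE_TOKEN_TTL);
    return "$ts:$id:$mac";
}

function example_verify_token($token, $post_id) {
    $parts = explode(':', (string) $token);
    if (count($parts) !== 3) {
        return false;
    }
    list($ts, $id, $mac) = $parts;
    if (!ctype_digit($ts) || !ctype_xdigit($id)) {
        return false;
    }
    // Freshness: reject tokens older than the lifetime.
    if (time() - (int) $ts > EXAMPLE_TOKEN_TTL) {
        return false;
    }
    // Integrity: recompute the MAC and compare in constant time.
    $expected = hash_hmac('sha256', "$post_id|$ts|$id", example_token_secret());
    if (!hash_equals($expected, $mac)) {
        return false;
    }
    // Single use: the stored id must exist, match the post, and is then deleted.
    $stored = get_transient("example_ct_$id");
    if ($stored === false || (int) $stored !== (int) $post_id) {
        return false;
    }
    delete_transient("example_ct_$id");
    return true;
}

// Token endpoint for anonymous visitors; clients that never run the page's
// JavaScript never obtain a token at all.
add_action('wp_ajax_nopriv_example_comment_token', function () {
    $post_id = isset($_POST['post_id']) ? absint($_POST['post_id']) : 0;
    if (!$post_id) {
        wp_send_json_error('missing post id', 400);
    }
    wp_send_json_success(['token' => example_issue_token($post_id)]);
});

// Hidden field in the comment form that the JavaScript fills in.
add_action('comment_form_after_fields', function () {
    echo '<input type="hidden" name="example_comment_token" value="">';
});

// Reject any comment submission without a valid, fresh, unused token.
add_action('pre_comment_on_post', function ($post_id) {
    $token = isset($_POST['example_comment_token']) ? $_POST['example_comment_token'] : '';
    if (!example_verify_token($token, $post_id)) {
        wp_die('Comment rejected: missing or invalid token.', 'Comment blocked', ['response' => 403]);
    }
});
```

This raises the cost for scripted clients that do not execute JavaScript and prevents a harvested token from being reused at scale, but a client that does run the page's scripts can still obtain tokens one at a time; a server-side check of this kind should be paired with rate limiting and conventional spam filtering rather than relied on alone. Logged-in users would need a matching `wp_ajax_example_comment_token` hook, omitted here for brevity.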
Information Disclosure
Affected Products
Stop Comment Spam