PT-2022-19219 · WordPress · Titan Anti-Spam & Security

Daniel Ruf · Published 2022-09-16 · Updated 2022-09-20 · CVE-2022-2877

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Titan Anti-Spam & Security WordPress plugin versions prior to 7.3.1
Description: The plugin improperly validates the HTTP headers it uses to determine the origin IP address. This allows threat actors to bypass the block feature by spoofing those headers.
Recommendations: For versions prior to 7.3.1, update to version 7.3.1 or later to resolve the issue.
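
A general illustration of the weakness class described above, added here and not taken from the plugin's code: a client-IP lookup that trusts a forwarded-address header, beside one that honors it only when the connection comes from a known proxy. `X-Forwarded-For`, the `TRUSTED_PROXIES` list, the function names and all addresses are assumptions constructed for the example; the page does not name the headers involved.

```php
<?php
// Added illustration, not the Titan plugin's code. TRUSTED_PROXIES, the
// function names and every address below are constructed assumptions.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

// Weak pattern: the header is client-controlled, so a block-list check on
// this value can be sidestepped.
function client_ip_weak(array $server): string
{
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        return trim(explode(',', $server['HTTP_X_FORWARDED_FOR'])[0]);
    }
    return $server['REMOTE_ADDR'] ?? '';
}

// Hardened pattern: REMOTE_ADDR (the TCP peer) is authoritative. The header
// is read only when the peer is a known proxy, and is walked right to left
// so the result is the nearest hop that a trusted proxy did not add itself.
function client_ip_hardened(array $server, array $trusted = TRUSTED_PROXIES): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trusted, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed chain: fall back to the peer address
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed requests from block-listed client 203.0.113.7, once directly
// and once through a trusted proxy that appended the real peer address.
$blocklist = ['203.0.113.7'];
$direct  = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1'];
$proxied = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1, 203.0.113.7'];
foreach (['direct' => $direct, 'proxied' => $proxied] as $name => $req) {
    $weak = client_ip_weak($req);
    $hard = client_ip_hardened($req);
    printf("%-8s weak=%s (%s) hardened=%s (%s)\n", $name,
        $weak, in_array($weak, $blocklist, true) ? 'blocked' : 'allowed',
        $hard, in_array($hard, $blocklist, true) ? 'blocked' : 'allowed');
}
```

On sites that sit behind no reverse proxy, leave the trusted list empty so the header is never consulted.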

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2022-2877

Affected Products

Titan Anti-Spam & Security