PT-2025-44591 · WordPress · Oopspam Anti-Spam
Published: 2025-10-31 · Updated: 2025-10-31 · CVE-2025-12094
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OOPSpam Anti-Spam plugin for WordPress versions through 1.2.53
Description
The OOPSpam Anti-Spam plugin for WordPress is susceptible to IP header spoofing. The plugin trusts client-controlled forwarded headers, such as CF-Connecting-IP and X-Forwarded-For, without verifying that they were set by a trusted proxy. This allows attackers to spoof their IP address and circumvent IP-based security measures such as IP blocklists and rate limiting. Attackers can achieve this by sending arbitrary HTTP headers with their requests.
Recommendations
Update the OOPSpam Anti-Spam plugin to a version beyond 1.2.53.
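As an added illustration of the weakness described above (example code, not the plugin's own): a vulnerable client-IP resolver that honours CF-Connecting-IP and X-Forwarded-For from any peer, beside a hardened one that consults those headers only when the connecting address (REMOTE_ADDR) belongs to a configured trusted proxy. The function names, the trusted-proxy list, the blocklist and the sample request arrays are all constructed for this example.

```php
<?php
// Added example, not code from the OOPSpam plugin. The $server arrays below
// mirror the shape of PHP's $_SERVER; all addresses and lists are constructed.

/**
 * Vulnerable pattern: forwarded headers are believed no matter who sent them.
 * A client talking directly to the site can write these headers itself.
 */
function client_ip_vulnerable(array $server): string {
    if (!empty($server['HTTP_CF_CONNECTING_IP'])) {
        return trim($server['HTTP_CF_CONNECTING_IP']);
    }
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        // Leftmost hop, i.e. the part of the chain the client controls.
        return trim(explode(',', $server['HTTP_X_FORWARDED_FOR'])[0]);
    }
    return $server['REMOTE_ADDR'] ?? '';
}

/**
 * Hardened pattern: only a peer that is a trusted proxy may vouch for the
 * client address. X-Forwarded-For is walked from the right, skipping trusted
 * proxies, so the result is the first address a trusted hop actually saw
 * rather than whatever the client prepended.
 */
function client_ip_hardened(array $server, array $trusted_proxies): string {
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trusted_proxies, true)) {
        // Direct connection: the TCP peer is the client, headers are ignored.
        return $peer;
    }
    if (!empty($server['HTTP_CF_CONNECTING_IP'])) {
        $ip = trim($server['HTTP_CF_CONNECTING_IP']);
        if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
            return $ip;
        }
    }
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
        for ($i = count($hops) - 1; $i >= 0; $i--) {
            if (in_array($hops[$i], $trusted_proxies, true)) {
                continue; // another proxy we operate; keep walking left
            }
            if (filter_var($hops[$i], FILTER_VALIDATE_IP) !== false) {
                return $hops[$i];
            }
            break; // malformed entry: stop rather than trust anything further left
        }
    }
    return $peer;
}

function is_blocked(string $ip, array $blocklist): bool {
    return in_array($ip, $blocklist, true);
}

// Constructed scenario: a direct connection from a blocklisted address that
// carries a forged X-Forwarded-For header.
$blocklist       = ['203.0.113.7'];
$trusted_proxies = ['10.0.0.2']; // hypothetical reverse proxy in front of the site
$direct = [
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.9',
];
var_dump(is_blocked(client_ip_vulnerable($direct), $blocklist));
var_dump(is_blocked(client_ip_hardened($direct, $trusted_proxies), $blocklist));

// Constructed scenario: the same header arriving through the trusted proxy,
// with a client-prepended entry that the hardened resolver must ignore.
$proxied = [
    'REMOTE_ADDR'          => '10.0.0.2',
    'HTTP_X_FORWARDED_FOR' => '192.0.2.1, 198.51.100.9',
];
var_dump(client_ip_hardened($proxied, $trusted_proxies));
```

In the first scenario the vulnerable resolver reports the forged 198.51.100.9 and the blocklist check passes, while the hardened resolver ignores the header because the peer is not a trusted proxy and reports the real 203.0.113.7, which is blocked. In the second scenario the hardened resolver accepts the proxy's header but takes the rightmost untrusted hop, 198.51.100.9, not the client-prepended 192.0.2.1. The trusted-proxy list must contain only addresses you operate or your CDN publishes; an empty list means forwarded headers are never consulted, which is the safe default.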
Fix
Protection Mechanism Failure
Weakness Enumeration
Related Identifiers
Affected Products
Oopspam Anti-Spam