{"containers": {"cna": {"affected": [{"product": "Titan Anti-spam & Security", "vendor": "Unknown", "versions": [{"lessThan": "7.3.1", "status": "affected", "version": "7.3.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Daniel Ruf"}], "descriptions": [{"lang": "en", "value": "The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-16T08:40:37", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68"}], "source": {"discovery": "EXTERNAL"}, "title": "Titan Anti-spam & Security < 7.3.1 - Protection Bypass due to IP Spoofing", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-2877", "STATE": "PUBLIC", "TITLE": "Titan Anti-spam & Security < 7.3.1 - Protection Bypass due to IP Spoofing"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Titan Anti-spam & Security", "version": {"version_data": [{"version_affected": "<", "version_name": "7.3.1", "version_value": "7.3.1"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Daniel Ruf"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:52:59.794Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-2877", "datePublished": "2022-09-16T08:40:37", "dateReserved": "2022-08-17T00:00:00", "dateUpdated": "2024-08-03T00:52:59.794Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cm-wp:titan_anti-spam_\\&_security:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "69D408EB-20B0-4255-A947-FA6635E6ED3F", "versionEndExcluding": "7.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers."}, {"lang": "es", "value": "El plugin Titan Anti-spam &amp; Security de WordPress versiones anteriores a 7.3.1 no comprueba apropiadamente los encabezados HTTP para comprobar la direcci\u00f3n IP de origen, lo que permite a actores de amenazas omitir su funci\u00f3n de bloqueo al falsificando los encabezados"}], "id": "CVE-2022-2877", "lastModified": "2022-09-20T13:25:35.103", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-16T09:15:11.137", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "contact@wpscan.com", "type": "Primary"}]}

{}