CVE-2022-2877

{"id": "CVE-2022-2877", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-09-16T09:15:11.137", "references": [{"url": "https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers."}, {"lang": "es", "value": "El plugin Titan Anti-spam & Security de WordPress versiones anteriores a 7.3.1 no comprueba apropiadamente los encabezados HTTP para comprobar la direcci\u00f3n IP de origen, lo que permite a actores de amenazas omitir su funci\u00f3n de bloqueo al falsificando los encabezados"}], "lastModified": "2022-09-20T13:25:35.103", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cm-wp:titan_anti-spam_\\&_security:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "69D408EB-20B0-4255-A947-FA6635E6ED3F", "versionEndExcluding": "7.3.1"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}