Description

WordPress Plugin SpamBam is prone to a security bypass vulnerability because client accessible data can be used to calculate verification keys. Attackers can exploit this issue to submit arbitrary form data via automated scripts and distribute spam.

Remediation

Disable the plugin

References

Wordpress Spambam Plugin : Security vulnerabilities, CVEs - CVEdetails.com

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-1709)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-46731)

WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions Insecure Direct Object Reference (3.0.4)

WordPress Plugin WP-T-Wap Cross-Site Scripting (1.13.2)

MySQL CVE-2020-14827 Vulnerability (CVE-2020-14827)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass