Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Titan Anti-spam & Security by Unknown

    CVE-2022-2877 (GCVE-0-2022-2877)

    Vulnerability from nvd – Published: 2022-09-16 08:40 – Updated: 2024-08-03 00:52
    VLAI
    Title
    Titan Anti-spam & Security < 7.3.1 - Protection Bypass due to IP Spoofing
    Summary
    The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.
    Severity
    No CVSS data available.
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Titan Anti-spam & Security Affected: 7.3.1 , < 7.3.1 (custom)
    Create a notification for this product.
    Credits
    Daniel Ruf
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.794Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Titan Anti-spam \u0026 Security",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "7.3.1",
                  "status": "affected",
                  "version": "7.3.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Daniel Ruf"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Titan Anti-spam \u0026 Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it\u0027s block feature by spoofing the headers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-16T08:40:37.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Titan Anti-spam \u0026 Security \u003c 7.3.1 - Protection Bypass due to IP Spoofing",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-2877",
              "STATE": "PUBLIC",
              "TITLE": "Titan Anti-spam \u0026 Security \u003c 7.3.1 - Protection Bypass due to IP Spoofing"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Titan Anti-spam \u0026 Security",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.3.1",
                                "version_value": "7.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Daniel Ruf"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Titan Anti-spam \u0026 Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it\u0027s block feature by spoofing the headers."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-639 Authorization Bypass Through User-Controlled Key"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-2877",
        "datePublished": "2022-09-16T08:40:37.000Z",
        "dateReserved": "2022-08-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:59.794Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2877 (GCVE-0-2022-2877)

    Vulnerability from cvelistv5 – Published: 2022-09-16 08:40 – Updated: 2024-08-03 00:52
    VLAI
    Title
    Titan Anti-spam & Security < 7.3.1 - Protection Bypass due to IP Spoofing
    Summary
    The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.
    Severity
    No CVSS data available.
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Titan Anti-spam & Security Affected: 7.3.1 , < 7.3.1 (custom)
    Create a notification for this product.
    Credits
    Daniel Ruf
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.794Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Titan Anti-spam \u0026 Security",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "7.3.1",
                  "status": "affected",
                  "version": "7.3.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Daniel Ruf"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Titan Anti-spam \u0026 Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it\u0027s block feature by spoofing the headers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-16T08:40:37.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Titan Anti-spam \u0026 Security \u003c 7.3.1 - Protection Bypass due to IP Spoofing",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-2877",
              "STATE": "PUBLIC",
              "TITLE": "Titan Anti-spam \u0026 Security \u003c 7.3.1 - Protection Bypass due to IP Spoofing"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Titan Anti-spam \u0026 Security",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.3.1",
                                "version_value": "7.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Daniel Ruf"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Titan Anti-spam \u0026 Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it\u0027s block feature by spoofing the headers."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-639 Authorization Bypass Through User-Controlled Key"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-2877",
        "datePublished": "2022-09-16T08:40:37.000Z",
        "dateReserved": "2022-08-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:59.794Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }