CVE-2022-1663
MEDIUM
Stop Spam Comments < 0.2.1.2 - Unauthenticated Exposure of Sensitive Information via JavaScript Access Token
Title source: llm
Description
The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the JavaScript access token used to prevent abuse of the comment section, allowing threat actors to easily collect the value and add it to the request.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/30820be1-e96a-4ff6-b1ec-efda14069e70
Scores
CVSS v3: 6.5
EPSS: 0.0053
EPSS Percentile: 40.5%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE: CWE-200
Status: published
Products (1): stop_spam_comments_project/stop_spam_comments < 0.2.1.2
Published: Aug 29, 2022
Tracked Since: Feb 18, 2026