CVE-2022-2877

MEDIUM

Titan Anti-spam & Security <7.3.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68

Scores

CVSS v3 5.3
EPSS 0.0025
EPSS Percentile 48.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-639
Status published
Products (1)
cm-wp/titan_anti-spam_\&_security < 7.3.1
Published Sep 16, 2022
Tracked Since Feb 18, 2026