Description

WordPress Plugin SpamBam is prone to a security bypass vulnerability because client accessible data can be used to calculate verification keys. Attackers can exploit this issue to submit arbitrary form data via automated scripts and distribute spam.

Remediation

Disable the plugin

References

Wordpress Spambam Plugin : Security vulnerabilities, CVEs - CVEdetails.com

Related Vulnerabilities

WordPress Plugin Asset Manager 'upload.php' Arbitrary File Upload (0.3)

WordPress Plugin AddToAny Share Buttons Cross-Site Scripting (1.6.6)

Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-5345)

Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4225)

WordPress Plugin Image Gallery with Slideshow 'upload-file.php' Arbitrary File Upload (1.5)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass