CVE-2022-1663

🗓️ 29 Aug 2022 14:40:25Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 55 Views🌐 WEB

The Stop Spam Comments WordPress plugin through 0.2.1.2 has JavaScript access token vulnerabilit

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2022-1663	29 Aug 202222:34	–	circl
CNNVD	WordPress plugin Stop Spam Comments 安全漏洞	29 Aug 202200:00	–	cnnvd
CNVD	WordPress Stop Spam Comments Information Disclosure Vulnerability	31 Aug 202200:00	–	cnvd
Cvelist	CVE-2022-1663 Stop Spam Comments <= 0.2.1.2 - Access Token Bypass	29 Aug 202214:40	–	cvelist
EUVD	EUVD-2022-24949	3 Oct 202520:07	–	euvd
NVD	CVE-2022-1663	29 Aug 202218:15	–	nvd
OSV	CVE-2022-1663	29 Aug 202218:15	–	osv
Patchstack	WordPress Stop Spam Comments plugin <= 0.2.1.2 - Access Token Bypass vulnerability	8 Aug 202200:00	–	patchstack
Prion	Cross site request forgery (csrf)	29 Aug 202218:15	–	prion
Positive Technologies	PT-2022-14032 · WordPress · Stop Comment Spam	29 Aug 202200:00	–	ptsecurity

NVD

Vulners

Node

stop_spam_comments_project stop_spam_commentsRange≤0.2.1.2wordpress

[
  {
    "product": "Stop Spam Comments",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "0.2.1.2",
        "status": "affected",
        "version": "0.2.1.2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/30820be1-e96a-4ff6-b1ec-efda14069e70

Parameter	Position	Path	Description	CWE
ssc_key_NAME	request body	/wp-comments-post.php	Stop Spam Comments plugin vulnerable to token theft via crafted POST to wp-comments-post.php; attacker can collect the Javascript access token name/value and reuse it in the request.	CWE-200

21 Nov 2024 06:41Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.16.5

EPSS0.00216

CWE-200