Description

WordPress Plugin SpamBam is prone to a security bypass vulnerability because client accessible data can be used to calculate verification keys. Attackers can exploit this issue to submit arbitrary form data via automated scripts and distribute spam.

Remediation

Disable the plugin

References

http://www.securityfocus.com/bid/27291/exploit

http://www.securityfocus.com/archive/1/486333

Related Vulnerabilities

WordPress Plugin W4 Post List Cross-Site Scripting (2.4.4)

WordPress 5.8.x Multiple Vulnerabilities (5.8 - 5.8.2)

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.21)

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions SQL Injection (2.9.7)

WordPress Plugin WordPress Clean Up & Optimizer-Clean Up Optimizer SQL Injection (3.0.13)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Authentication Bypass