{"api_version":"1","generated_at":"2026-04-24T22:11:14+00:00","cve":"CVE-2022-2877","urls":{"html":"https://cve.report/CVE-2022-2877","api":"https://cve.report/api/cve/CVE-2022-2877.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-2877","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-2877"},"summary":{"title":"CVE-2022-2877","description":"The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.","state":"PUBLIC","assigner":"contact@wpscan.com","published_at":"2022-09-16 09:15:00","updated_at":"2022-09-20 13:25:00"},"problem_types":["CWE-639"],"metrics":[],"references":[{"url":"https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68","name":"https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68","refsource":"MISC","tags":[],"title":"Titan Anti-spam & Security < 7.3.1 - Protection Bypass due to IP Spoofing WordPress Security Vulnerability","mime":"text/html","httpstatus":"403","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-2877","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2877","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Daniel Ruf","lang":""}],"nvd_cpes":[{"cve_year":"2022","cve_id":"2877","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cm-wp","cpe5":"titan_anti-spam_\\&_security","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ID":"CVE-2022-2877","ASSIGNER":"contact@wpscan.com","STATE":"PUBLIC","TITLE":"Titan Anti-spam & Security < 7.3.1 - Protection Bypass due to IP Spoofing"},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","generator":"WPScan CVE Generator","affects":{"vendor":{"vendor_data":[{"vendor_name":"Unknown","product":{"product_data":[{"product_name":"Titan Anti-spam & Security","version":{"version_data":[{"version_affected":"<","version_name":"7.3.1","version_value":"7.3.1"}]}}]}}]}},"description":{"description_data":[{"lang":"eng","value":"The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers."}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68","name":"https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68"}]},"problemtype":{"problemtype_data":[{"description":[{"value":"CWE-639 Authorization Bypass Through User-Controlled Key","lang":"eng"}]}]},"credit":[{"lang":"eng","value":"Daniel Ruf"}],"source":{"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2022-09-16 09:15:00","lastModifiedDate":"2022-09-20 13:25:00","problem_types":["CWE-639"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cm-wp:titan_anti-spam_\\&_security:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"7.3.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}