cve/2022/CVE-2022-2877.md

### [CVE-2022-2877](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2877)
![](https://img.shields.io/static/v1?label=Product&message=Titan%20Anti-spam%20%26%20Security&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=7.3.1%3C%207.3.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)

### Description

The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.

### POC

#### Reference
- https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68

#### Github
- https://github.com/ARPSyndicate/cvemon
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2022-2877](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2877)`
			`![](https://img.shields.io/static/v1?label=Product&message=Titan%20Anti-spam%20%26%20Security&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=7.3.1%3C%207.3.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)`

			`### Description`

			`The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/f1af4267-3a43-4b88-a8b9-c1d5b2aa9d68`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`