Filtered by vendor Oopspam
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12094 | 2 Oopspam, Wordpress | 2 Oopspam Anti-spam, Wordpress | 2025-11-04 | 5.3 Medium |
| The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) plugin for WordPress is vulnerable to IP Header Spoofing in all versions up to, and including, 1.2.53. This is due to the plugin trusting client-controlled forwarded headers (such as CF-Connecting-IP, X-Forwarded-For, and others) without verifying that those headers originate from legitimate, trusted proxies. This makes it possible for unauthenticated attackers to spoof their IP address and bypass IP-based security controls, including blocked IP lists and rate limiting protections, by sending arbitrary HTTP headers with their requests. | ||||
| CVE-2023-22716 | 1 Oopspam | 1 Oopspam Anti-spam | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.35 versions. | ||||
| CVE-2023-35913 | 1 Oopspam | 1 Oopspam Anti-spam | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.44 versions. | ||||
Page 1 of 1.