Vulnerabilities and security researches foroopspam-anti-spam oopspam-anti-spam

Jun 07, 2024

CVE, Research URL: 2abea83e21a0323c5a51444c6b7c720291723c81
Home page URL: Security reports for OOPSpam Anti-Spam
Application: OOPSpam Anti-Spam
Date: Apr 01, 2022
Research Description: OOPSpam Anti-Spam [oopspam-anti-spam] < 1.1.17 WordPress OOPSpam Anti-Spam plugin <= 1.1.16 - SQL Injection (SQLi) vulnerability SQL Injection (SQLi) vulnerability discovered in WordPress OOPSpam Anti-Spam plugin (versions <= 1.1.16).
Affected versions: max 1.1.17.
Status: vulnerable

CVE, Research URL: CVE-2023-22716
Home page URL: Security reports for OOPSpam Anti-Spam
Application: OOPSpam Anti-Spam
Date: Mar 23, 2023
Research Description: Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.35 versions.
Affected versions: max 1.1.45.
Status: vulnerable

CVE, Research URL: CVE-2023-35913
Home page URL: Security reports for OOPSpam Anti-Spam
Application: OOPSpam Anti-Spam
Date: Jul 11, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.44 versions.
Affected versions: max 1.1.45.
Status: vulnerable

Nov 10, 2025

CVE, Research URL: CVE-2025-12094
Home page URL: Security reports for OOPSpam Anti-Spam
Application: OOPSpam Anti-Spam
Date: Oct 31, 2025
Research Description: The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) plugin for WordPress is vulnerable to IP Header Spoofing in all versions up to, and including, 1.2.53. This is due to the plugin trusting client-controlled forwarded headers (such as CF-Connecting-IP, X-Forwarded-For, and others) without verifying that those headers originate from legitimate, trusted proxies. This makes it possible for unauthenticated attackers to spoof their IP address and bypass IP-based security controls, including blocked IP lists and rate limiting protections, by sending arbitrary HTTP headers with their requests.
Affected versions: max 1.2.54.
Status: vulnerable