CVE: CVE-2022-1663

Name: Stop Spam Comments (stop-spam-comments)

Version: 0.2.1.2

Date: 2022-04-1717:14:15

Advisory: https://wpscan.com/vulnerability/30820be1-e96a-4ff6-b1ec-efda14069e70

Type: Bypass

Exploit: 


The ssc_key input is always the same for the same post. This can be easily retrieved for later spamming.
No further CSRF token is used. Can be easily bypassed with solutions like Chrome headless / puppeteer.