OOPSpam Anti-Spam
cpe:2.3:a:oopspam:oopspam_anti-spam:*:*:*:*:wordpress:*:*
- <= 1.2.53
A vulnerability allowing IP header spoofing has been identified in the OOPSpam Anti-Spam WordPress plugin, affecting versions through 1.2.53. The plugin accepts client-controlled forwarded headers such as CF-Connecting-IP and X-Forwarded-For without verifying that the request actually arrived through a trusted proxy. As a result, unauthenticated attackers can spoof their apparent IP address simply by adding such headers to their requests, circumventing IP-based security measures like blocklists and rate limits.
Successful exploitation lets an attacker control the IP address the plugin records for a request, bypassing IP-based security controls such as blocked IP lists and rate limiting.
Users can update to version 1.2.54 or a newer patched version to address this vulnerability.
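As an added illustration that is not the plugin's own code, the resolver below shows the weak pattern the advisory describes next to a hardened version that honours forwarded headers only when the TCP peer is a trusted proxy; the TRUSTED_PROXIES ranges are placeholders for the real reverse-proxy or CDN egress ranges in front of a site.

```php
<?php
// Added example, not the plugin's own code. TRUSTED_PROXIES stands in for
// the real reverse-proxy/CDN egress ranges that sit in front of the site.
const TRUSTED_PROXIES = ['10.0.0.0/8', '203.0.113.0/24'];
function ip_in_cidr(string $ip, string $cidr): bool {
    [$net, $bits] = explode('/', $cidr, 2);
    $a = inet_pton($ip); $n = inet_pton($net);
    if ($a === false || $n === false || strlen($a) !== strlen($n)) return false;
    $bytes = intdiv((int)$bits, 8); $rem = (int)$bits % 8;
    if (substr($a, 0, $bytes) !== substr($n, 0, $bytes)) return false;
    if ($rem === 0) return true;
    $mask = (0xFF << (8 - $rem)) & 0xFF;
    return (ord($a[$bytes]) & $mask) === (ord($n[$bytes]) & $mask);
}

// Vulnerable pattern: a forwarded header is honoured no matter who sent it,
// so a direct client picks the address that blocklists and rate limits see.
function client_ip_unsafe(array $server): string {
    foreach (['HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR'] as $h) {
        if (!empty($server[$h])) return trim(explode(',', $server[$h])[0]);
    }
    return $server['REMOTE_ADDR'];
}
// Hardened: forwarded headers count only when the TCP peer is a trusted proxy.
// CF-Connecting-IP is overwritten by the proxy, so it is read as-is; for
// X-Forwarded-For only the last entry (the one the proxy appended) is used.
function client_ip_safe(array $server): string {
    $peer = $server['REMOTE_ADDR'];
    $via_proxy = false;
    foreach (TRUSTED_PROXIES as $cidr) {
        if (ip_in_cidr($peer, $cidr)) { $via_proxy = true; break; }
    }
    if (!$via_proxy) return $peer;
    $candidates = [];
    if (!empty($server['HTTP_CF_CONNECTING_IP'])) {
        $candidates[] = trim($server['HTTP_CF_CONNECTING_IP']);
    }
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
        $candidates[] = end($hops);
    }
    foreach ($candidates as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP) !== false) return $ip;
    }
    return $peer;
}
// Constructed request: a direct (non-proxy) client supplying its own header.
$req = ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1'];
echo client_ip_unsafe($req), "\n", client_ip_safe($req), "\n";
```

For the constructed request the unsafe resolver returns the header value while the hardened one falls back to REMOTE_ADDR, which is the behaviour the 1.2.54 fix needs to provide for blocklist and rate-limit decisions.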