What the vulnerability does
Description
Authentication Bypass by Spoofing vulnerability in pluginkollektiv Antispam Bee allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Antispam Bee: from n/a through 2.11.3.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
Antispam Bee through version 2.11.3 contains an authentication bypass vulnerability that allows unauthenticated attackers to modify site data over the network. The vulnerability stems from insufficient validation of request authenticity, enabling attackers to perform unauthorized actions without needing valid credentials or user interaction.
What an attacker can do
Modify site data without authentication, such as changing plugin settings or spam filter rules.
Potential impact on your site
Attackers can alter Antispam Bee configuration and spam filtering behavior without your permission or knowledge.
Conditions required to exploit
Network access only; no authentication or user interaction required.