CVE-2024-38777
WordPress Titan Anti-spam & Security plugin <= 7.3.6 - Broken Access Control vulnerabilityMissing Authorization vulnerability in CreativeMotion Titan Anti-spam & Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Titan Anti-spam & Security: from n/a through 7.3.6.
We have discovered 8,990 live websites that are affected by CVE-2024-38777.
Affected Software
| Product |  Anti-spam for WordPress |
| Category | Anti SPAM |
| Vulnerable Domains | 8,990 live websites (62% of Anti-spam for WordPress install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 34 versions ( 92% of all versions) |
Common Weakness Enumeration
CWE-862 Missing AuthorizationDetails
- Published - Nov 1, 2024
- Updated - Apr 28, 2026
Credits
- Joshua Chan (Patchstack Alliance) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-38777 United States | 3,191 websites |
 Poland | 841 websites |
 Germany | 574 websites |
 Czech Republic | 427 websites |
 Italy | 424 websites |
 France | 411 websites |
 GB | 408 websites |
 Spain | 371 websites |
 Russia | 251 websites |
 Canada | 201 websites |
Website Distribution by TLD
Number of websites using CVE-2024-38777| .com | 4,260 websites |
| .pl | 770 websites |
| .org | 381 websites |
| .cz | 356 websites |
| .net | 264 websites |
| .it | 245 websites |
| .ru | 215 websites |
| .co.uk | 190 websites |
| .de | 180 websites |
| .fr | 170 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-38777
Top websites that are affected by CVE-2024-38777. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.*************.com | United States | **,*** | |
| **************.com | United States | **,*** | |
| *******.***************.com | United States | **,*** | |
| *************.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| *************.***************.com | United States | **,*** | |
| *************.net | United States | ***,*** | |
| ****.org | United States | ***,*** | |
| *********.***.br |  Brazil | ***,*** | |
| **********.co |  Cyprus | ***,*** |
FAQ
CVE-2024-38777 is Missing Authorization in Anti-spam for WordPress
A total of 8,990 websites have been identified as vulnerable to CVE-2024-38777, based on global website indexing conducted by WebTechSurvey.
The Anti-spam for WordPress is affected by the CVE-2024-38777 vulnerability.
Anti-spam for WordPress versions up to and including 7.3.6 are vulnerable to CVE-2024-38777.