The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key.