68 matches found
The vulnerability of Spam protection, AntiSpam, and FireWall modules in the CleanTalk plugin for WordPress website content management systems arises from improper handling of exceptional states, allowing attackers to execute arbitrary code.
The vulnerability of Spam protection, AntiSpam, and FireWall modules in the CleanTalk plugin for WordPress website content management systems is related to improper handling of exceptional states. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2024-10781
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to a missing empty value check on the 'apikey' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for...
CVE-2024-10542
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for...
CVE-2024-10781 Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.44 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Arbitrary Plugin Installation
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to a missing empty value check on the 'apikey' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for...
PT-2024-16373 · WordPress · Cleantalk
Name of the Vulnerable Software and Affected Versions: Security & Malware scan by CleanTalk plugin for WordPress versions up to, and including, 2.145 Description: The issue is related to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken...
WordPress Security & Malware scan by CleanTalk plugin <= 2.145 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated SQL Injection vulnerability
Authorization Bypass via Reverse DNS Spoofing to Unauthenticated SQL Injection vulnerability discovered by mikemyers in WordPress Plugin Security & Malware scan by CleanTalk versions <= 2.145...
PT-2024-8882 · Cleantalk · Cleantalk
Name of the Vulnerable Software and Affected Versions: CleanTalk versions up to and including 6.43.2 Description: The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is susceptible to unauthorized Arbitrary Plugin Installation due to an authorization bypass. This bypass is...
CVE-2023-51696 WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in CleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20...
CVE-2023-5239
The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection...
Design/Logic Flaw
The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection...
CVE-2023-5239 Security & Malware scan by CleanTalk < 2.121 - IP Spoofing
The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection...
PT-2023-31967 · WordPress · Cleantalk
Name of the Vulnerable Software and Affected Versions: CleanTalk WordPress plugin versions prior to 2.121 Description: The issue allows an attacker to manipulate the client IP address retrieved by the Security & Malware scan, potentially bypassing bruteforce protection. This is due to the plugin...
WordPress Security & Malware scan by CleanTalk Plugin <= 2.50 is vulnerable to Broken Access Control
Software: Security & Malware scan by CleanTalk; Type: Plugin; Vulnerable versions: <= 2.50; Fixed in: 2.51; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2020-36698; Patch priority: High; CVSS severity: High 8.8; PSID: b7a98366ebf3; Credits: Jerome...
CVE-2020-36698
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes...
Design/Logic Flaw
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes...
CVE-2020-36698 Security & Malware scan by CleanTalk <= 2.50 - Missing Authorization
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes...
CVE-2020-36698
The CVE-2020-36698 entry affects the WordPress plugin Security & Malware scan by CleanTalk, vulnerable in versions up to 2.50 due to missing capability checks on several AJAX actions and nonce disclosure in the admin dashboard source. This allows authenticated attackers with subscriber-level perm...
CVE-2022-3302
The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin...