219 matches found
Security & Malware scan by CleanTalk < 2.121 - IP Spoofing
Description: This plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection. PoC: Send 5 invalid login requests and thus block the IP address. POST /wp-login.php HTTP/1.1 Host: localhost...
WordPress Security & Malware scan by CleanTalk Plugin <= 2.50 is vulnerable to Broken Access Control
Software: Security & Malware scan by CleanTalk; Type: Plugin; Vulnerable versions: <= 2.50; Fixed in: 2.51; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2020-36698; Patch priority: High; CVSS severity: High 8.8; PSID: b7a98366ebf3; Credits: Jerome...
CVE-2020-36698
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes...
Design/Logic Flaw
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes...
CVE-2020-36698
The CVE-2020-36698 entry affects the WordPress plugin Security & Malware scan by CleanTalk, vulnerable in versions up to 2.50 due to missing capability checks on several AJAX actions and nonce disclosure in the admin dashboard source. This allows authenticated attackers with subscriber-level perm...
CVE-2020-36698 Security & Malware scan by CleanTalk <= 2.50 - Missing Authorization
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes...
Improve Your Security WordPress Spam Protection With CleanTalk Anti-Spam
Every website owner or webmaster grapples with the issue of spam on their website forms. The volume of spam can be so overwhelming that finding useful information within it becomes quite challenging. What exacerbates this issue is that spam can populate your public pages, appearing in comments an...
WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.10 is vulnerable to Broken Access Control
Software: Spam protection, AntiSpam, FireWall by CleanTalk; Type: Plugin; Vulnerable versions: <= 6.10; Fixed in: 6.11; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-33996; Patch priority: High; CVSS severity: High 8.8; PSID: b4ca9dd06551...
CVE-2022-3302
The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin...
SQL injection
The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin...
CVE-2022-3302 Anti-Spam by CleanTalk < 5.185.1 - Admin+ SQLi
The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin...
WordPress plugin Spam protection SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blogs on PHP and MySQL servers. ghost is a plugin for importing/exporting WordPress data, and WordPress plugin is an...
CVE-2022-3302
CVE-2022-3302 affects the WordPress plugin Spam protection, AntiSpam, FireWall by CleanTalk prior to version 5.185.1. The issue is an SQL injection caused by unvalidated ids used in SQL statements, exploitable by high-privilege users such as admins. Connected sources reference authenticated SQLi ...
PT-2022-21649 · WordPress · Cleantalk
Name of the Vulnerable Software and Affected Versions: Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin versions prior to 5.185.1 Description: The issue concerns a lack of validation for ids used in SQL statements, potentially leading to SQL injection. This could be exploited by...
Anti-Spam by CleanTalk < 5.185.1 - Admin+ SQLi
The plugin does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin. When deleting scan logs (/edit-comments.php?page=ctcheckspamlogs), intercept the request and change the spamids parameter to...
Anti-Spam by CleanTalk < 5.185.1 - Admin+ SQLi
The plugin does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin. PoC: When deleting scan logs (/edit-comments.php?page=ctcheckspamlogs), intercept the request and change the spamids parameter to...