219 matches found
Sql injection
Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, leads to multiple authenticated SQL injection vulnerabilities; however, it requires a high-privilege user (admin+)...
CVE-2021-24131
CVE-2021-24131 affects the WordPress plugin Anti-Spam by CleanTalk, prior to version 5.149. The vulnerability arises from unvalidated input in the plugin’s anti-spam handling, enabling multiple authenticated SQL injections that require a high-privilege admin user. Public details reference vulnera...
CVE-2021-24131 Anti-Spam by CleanTalk < 5.149 - Multiple Authenticated SQL Injections
Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, leads to multiple authenticated SQL injection vulnerabilities; however, it requires a high-privilege user (admin+)...
Wordpress CleanTalk SQL Injection Vulnerability
Wordpress CleanTalk is an application plugin for Wordpress. Provides a free anti-spam plugin that works with the premium Cloud AntiSpam service cleantalk.org. Anti-Spam by CleanTalk WordPress plugin before 5.149 suffers from a SQL injection vulnerability that stems from entering unverified...
WordPress Anti-Spam by CleanTalk plugin <= 5.148 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities
Multiple Authenticated SQL Injection (SQLi) vulnerabilities found by Nguyen Anh Tien in WordPress Anti-Spam by CleanTalk plugin (versions <= 5.148). Solution: Update the WordPress Anti-Spam by CleanTalk plugin to the latest available version (at least 5.149)...
Anti-Spam by CleanTalk < 5.149 - Multiple Authenticated SQL Injections
Multiple authenticated SQL injections exist in the Anti-Spam by CleanTalk plugin 5.148; however, it requires a high-privilege user (admin+). PoC: Vulnerable functions: removeLogs and removeSpam at: lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php. Sleep query: POST...
Anti-Spam by CleanTalk < 5.149 - Multiple Authenticated SQL Injections
Multiple authenticated SQL injections exist in the Anti-Spam by CleanTalk plugin 5.148; however, it requires a high-privilege user (admin+). Vulnerable functions: removeLogs and removeSpam at: lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php. Sleep query: POST...
Security & Malware scan by CleanTalk < 2.51 - Security Nonce Leak leading to Unauthorised AJAX call
Security nonce leak, allowing any authenticated user, such as a subscriber, to make unauthorised AJAX calls, which could lead to arbitrary file deletion/download and function calls. Note (WPScanTeam): We do not consider the issue fully remediated, as the AJAX calls rely on CSRF check for authorisation,...
WordPress CleanTalk cleantalk-spam-protect cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. CleanTalk cleantalk-spam-protect is a spam-protection plugin used in it. A cross-site scripting vulnerability exists in WordPress...
WordPress CleanTalk Plugin < 5.127.4 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113568";...
WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <=5.127.3 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found in WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin (versions <= 5.127.3). Solution: Update the WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin to the latest available version (at least 5.127.4)...
CVE-2019-17515
The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and...
CVE-2019-17515
The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and...
Cross site scripting
The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and...
CVE-2019-17515
CVE-2019-17515 involves the WordPress plugin CleanTalk Spam Protect (AntiSpam/Firewall) prior to version 5.127.4. The vulnerability is a reflected Cross-Site Scripting (XSS) in the plugin’s code paths inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector states that when an ad...
CVE-2019-17515
The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and...
Anti-Spam by CleanTalk < 5.127.4 - Cross-Site Scripting Issue
The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin was affected by a Cross-Site Scripting security vulnerability...
Anti-Spam by CleanTalk - Critical - Cross site scripting and SQL Injection - SA-CONTRIB-2019-010
Anti-spam module by CleanTalk to protect your Drupal sites from spambot registration and spam comment publication through comment and contact forms. This module does not sufficiently filter submitted content in certain circumstances...
Anti-Spam by CleanTalk < 5.22 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability...