CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/22 10:3 a.m.•8 views

CVE-2019-17515

The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting XSS. The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and...

6.1CVSS6.3AI score0.00332EPSS

RedhatCVE•added 2025/02/14 9:52 a.m.•7 views

CVE-2024-13365

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive function in all versions up to, and including, 2.149. This makes it possib...

9.8CVSS9.8AI score0.02736EPSS

Wordfence Blog•added 2025/02/12 5:0 p.m.•19 views

30,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in Security & Malware scan by CleanTalk WordPress Plugin

On December 7th, 2024, we received a submission for an Arbitrary File Upload vulnerability in Security & Malware scan by CleanTalk, a WordPress plugin with more than 30,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to upload arbitrary files to a...

9.8CVSS8.3AI score0.02736EPSS

Exploits0

OSV•added 2025/02/12 10:15 a.m.•1 views

CVE-2024-13365

9.8CVSS6.4AI score

NVD•added 2025/02/12 10:15 a.m.•10 views

CVE-2024-13365

9.8CVSS0.02736EPSS

CVE•added 2025/02/12 9:22 a.m.•70 views

CVE-2024-13365

CVE-2024-13365 affects Security & Malware scan by CleanTalk (WordPress). Technical details from connected docs show an arbitrary-file-upload flaw: the plugin uploads and extracts .zip archives during malware checks via checkUploadedArchive(), using a destination in the uploads directory. The vuln...

9.8CVSS9.9AI score0.02736EPSS

In wildExploits0References2Affected Software1

Vulnrichment•added 2025/02/12 9:22 a.m.•7 views

CVE-2024-13365 Security & Malware scan by CleanTalk <= 2.149 - Unauthenticated Arbitrary File Upload

9.8CVSS9.9AI score0.02736EPSS

Cvelist•added 2025/02/12 9:22 a.m.•15 views

CVE-2024-13365 Security & Malware scan by CleanTalk <= 2.149 - Unauthenticated Arbitrary File Upload

9.8CVSS0.02736EPSS

CNNVD•added 2025/02/12 12:0 a.m.•3 views

WordPress plugin Security & Malware scan by CleanTalk 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A code issue vulnerability exists in WordPress plugin...

9.8CVSS8.9AI score0.02736EPSS

Positive Technologies•added 2025/02/12 12:0 a.m.•2 views

PT-2025-6458

Name of the Vulnerable Software and Affected Versions Security & Malware scan by CleanTalk plugin for WordPress versions up to, and including, 2.149 Description The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and...

9.8CVSS7.9AI score0.02736EPSS

Exploits0References15

Patchstack•added 2025/02/11 10:33 p.m.•3 views

WordPress Security & Malware scan by CleanTalk plugin <= 2.149 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Lucio Sá in WordPress Plugin Security & Malware scan by CleanTalk versions = 2.149...

9.8CVSS7AI score0.02736EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/02/05 3:7 p.m.•7 views

CVE-2020-36698

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes...

8.8CVSS6.4AI score0.00261EPSS

RedhatCVE•added 2025/02/05 5:6 a.m.•9 views

CVE-2024-10781

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'apikey' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for...

8.1CVSS8AI score0.02512EPSS

RedhatCVE•added 2025/02/05 4:55 a.m.•8 views

CVE-2024-10542

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for...

9.8CVSS8AI score0.40965EPSS

NVD•added 2024/12/13 3:15 p.m.•14 views

CVE-2023-33996

Missing Authorization vulnerability in СleanTalk - Anti-Spam Protection Spam protection, AntiSpam, FireWall by CleanTalk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spam protection, AntiSpam, FireWall by CleanTalk: from n/a through 6.10...

8.8CVSS0.00896EPSS

ATTACKERKB•added 2024/12/13 3:15 p.m.•2 views

CVE-2023-33996

Missing Authorization vulnerability in CleanTalk Inc Spam protection, AntiSpam, FireWall by CleanTalk cleantalk-spam-protect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spam protection, AntiSpam, FireWall by CleanTalk: from n/a through = 6.10...

8.8CVSS5.8AI score0.00896EPSS

Exploits0References3

Vulnrichment•added 2024/12/13 2:23 p.m.•5 views

CVE-2023-33996 WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 6.10 - Broken Access Control vulnerability

8.8CVSS7.1AI score0.00896EPSS