218 matches found

CVE
added 2024/12/13 2:23 p.m. · 36 views

CVE-2023-33996

CVE-2023-33996 affects the WordPress plugin Spam protection, AntiSpam, FireWall by CleanTalk (<= 6.10). The issue is a Missing Authorization vulnerability (Broken Access Control) that allows bypassing access controls due to incorrectly configured security levels. Public reports describe impact...

8.8 CVSS · 8.5 AI score · 0.00896 EPSS
Exploits 0 · References 1

Cvelist
added 2024/12/13 2:23 p.m. · 25 views

CVE-2023-33996 WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 6.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in CleanTalk - Anti-Spam Protection Spam protection, AntiSpam, FireWall by CleanTalk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spam protection, AntiSpam, FireWall by CleanTalk: from n/a through 6.10...

8.8 CVSS · 0.00896 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/12/13 12:00 a.m. · 3 views

PT-2024-12456 · Cleantalk · Cleantalk-Spam-Protect

Name of the Vulnerable Software and Affected Versions: CleanTalk Spam Protection versions 6.10 and below Description: The issue is related to a Missing Authorization vulnerability, which allows for broken access control. This can compromise the security of the site. The estimated number of...

8.8 CVSS · 9.5 AI score · 0.00896 EPSS
Exploits 0 · References 24

CNNVD
added 2024/12/13 12:00 a.m. · 1 view

WordPress plugin Spam protection, AntiSpam, FireWall by CleanTalk security vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. The WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugi...

8.8 CVSS · 8.5 AI score · 0.00896 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2024/12/03 12:00 a.m. · 6 views

Spam protection, Anti-Spam, FireWall by CleanTalk Plugin for WordPress < 6.45 Authorization Bypass

The WordPress Spam protection, Anti-Spam, FireWall by CleanTalk Plugin installed on the remote host is affected by an authorization bypass vulnerability due to a missing empty value check. Note that the scanner has not tested for these issues but has instead relied only on the application's...

8.1 CVSS · 7.4 AI score · 0.02512 EPSS
Exploits 1 · References 3

Tenable Nessus
added 2024/12/03 12:00 a.m. · 9 views

Spam protection, Anti-Spam, FireWall by CleanTalk Plugin for WordPress < 6.44 Authorization Bypass

The WordPress Spam protection, Anti-Spam, FireWall by CleanTalk Plugin installed on the remote host is affected by an authorization bypass vulnerability via reverse DNS spoofing. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...

9.8 CVSS · 7.5 AI score · 0.40965 EPSS
Exploits 1 · References 3

BDU FSTEC
added 2024/12/02 12:00 a.m. · 1 view

Vulnerability of spam protection modules: The Spam Protection, AntiSpam, and FireWall plugins for WordPress website content management systems are vulnerable due to deficiencies in authentication procedures, allowing attackers to execute arbitrary code.

The vulnerability of Spam protection, AntiSpam, and FireWall modules in the CleanTalk plugin for WordPress website content management systems is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10 CVSS · 8.5 AI score · 0.40965 EPSS
Exploits 1 · References 4 · Affected Software 3

BDU FSTEC
added 2024/12/02 12:00 a.m. · 1 view

The vulnerability of Spam protection, AntiSpam, and FireWall modules in the CleanTalk plugin for WordPress website content management systems arises from improper handling of exceptional states, allowing attackers to execute arbitrary code.

The vulnerability of Spam protection, AntiSpam, and FireWall modules in the CleanTalk plugin for WordPress website content management systems is related to improper handling of exceptional states. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

8.1 CVSS · 8.5 AI score · 0.02512 EPSS
Exploits 1 · References 5 · Affected Software 3

OpenVAS
added 2024/11/27 12:00 a.m. · 18 views

WordPress CleanTalk Plugin < 6.45 Authorization Bypass Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cleantalk:cleantalk-spam-protect"; if(description)...

8.1 CVSS · 9.7 AI score · 0.02512 EPSS
Exploits 1 · References 2

OpenVAS
added 2024/11/27 12:00 a.m. · 22 views

WordPress CleanTalk Plugin < 6.44 Authorization Bypass Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cleantalk:cleantalk-spam-protect"; if(description)...

9.8 CVSS · 9.8 AI score · 0.40965 EPSS
Exploits 1 · References 2

OSV
added 2024/11/26 6:15 a.m. · 2 views

CVE-2024-10781

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to a missing empty value check on the 'apikey' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for...

7.5 CVSS · 6.5 AI score · 0.02512 EPSS
Exploits 1 · References 4

NVD
added 2024/11/26 6:15 a.m. · 26 views

CVE-2024-10781

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to a missing empty value check on the 'apikey' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for...

8.1 CVSS · 0.02512 EPSS
Exploits 1 · References 4

OSV
added 2024/11/26 6:15 a.m. · 4 views

CVE-2024-10542

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for...

7.5 CVSS · 6.4 AI score · 0.40965 EPSS
Exploits 1 · References 3

NVD
added 2024/11/26 6:15 a.m. · 24 views

CVE-2024-10542

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for...

9.8 CVSS · 0.40965 EPSS
Exploits 1 · References 3

CVE
added 2024/11/26 5:33 a.m. · 139 views

CVE-2024-10542

CVE-2024-10542 affects the WordPress plugin Spam protection, Anti-Spam, FireWall by CleanTalk up to version 6.43.2, where an authorization bypass via reverse DNS spoofing in checkWithoutToken allows unauthenticated installation/activation of arbitrary plugins, potentially enabling remote code exe...

9.8 CVSS · 9.8 AI score · 0.40965 EPSS
Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2024/11/26 5:33 a.m. · 19 views

CVE-2024-10542 Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for...

9.8 CVSS · 7.9 AI score · 0.40965 EPSS
Exploits 1 · References 3

Cvelist
added 2024/11/26 5:33 a.m. · 28 views

CVE-2024-10542 Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for...

9.8 CVSS · 0.40965 EPSS
Exploits 1 · References 3

Vulnrichment
added 2024/11/26 5:33 a.m. · 17 views

CVE-2024-10570 Security & Malware scan by CleanTalk <= 2.145 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated SQL Injection

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as insufficient input sanitization and validatio...

7.5 CVSS · 7.9 AI score · 0.00135 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/11/26 5:33 a.m. · 23 views

CVE-2024-10781 Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.44 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Arbitrary Plugin Installation

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to a missing empty value check on the 'apikey' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for...

8.1 CVSS · 7.9 AI score · 0.02512 EPSS
Exploits 1 · References 4

Cvelist
added 2024/11/26 5:33 a.m. · 21 views

CVE-2024-10570 Security & Malware scan by CleanTalk <= 2.145 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated SQL Injection

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as insufficient input sanitization and validatio...

7.5 CVSS · 0.00135 EPSS
Exploits 0 · References 2