Lucene search
K

68 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-57566

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00653EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:26 a.m.6 views

CVE-2023-5239

The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection...

7.5CVSS6.7AI score0.00653EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/22 10:10 p.m.10 views

CVE-2022-3302

The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin...

7.2CVSS7.5AI score0.01015EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:3 a.m.9 views

CVE-2019-17515

The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting XSS. The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and...

6.1CVSS6.3AI score0.01307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/14 9:52 a.m.8 views

CVE-2024-13365

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive function in all versions up to, and including, 2.149. This makes it possib...

9.8CVSS9.8AI score0.01557EPSS
Exploits0References1
Wordfence Blog
Wordfence Blog
added 2025/02/12 5:0 p.m.20 views

30,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in Security & Malware scan by CleanTalk WordPress Plugin

On December 7th, 2024, we received a submission for an Arbitrary File Upload vulnerability in Security & Malware scan by CleanTalk, a WordPress plugin with more than 30,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to upload arbitrary files to a...

9.8CVSS8.3AI score0.01557EPSS
Exploits0
OSV
OSV
added 2025/02/12 10:15 a.m.2 views

CVE-2024-13365

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive function in all versions up to, and including, 2.149. This makes it possib...

9.8CVSS6.4AI score0.01557EPSS
Exploits0References2
NVD
NVD
added 2025/02/12 10:15 a.m.13 views

CVE-2024-13365

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive function in all versions up to, and including, 2.149. This makes it possib...

9.8CVSS0.01557EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/12 9:22 a.m.16 views

CVE-2024-13365 Security & Malware scan by CleanTalk <= 2.149 - Unauthenticated Arbitrary File Upload

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive function in all versions up to, and including, 2.149. This makes it possib...

9.8CVSS0.01557EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/12 9:22 a.m.8 views

CVE-2024-13365 Security & Malware scan by CleanTalk <= 2.149 - Unauthenticated Arbitrary File Upload

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive function in all versions up to, and including, 2.149. This makes it possib...

9.8CVSS9.9AI score0.01557EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/12 12:0 a.m.6 views

PT-2025-6458

Name of the Vulnerable Software and Affected Versions Security & Malware scan by CleanTalk plugin for WordPress versions up to, and including, 2.149 Description The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and...

9.8CVSS7.9AI score0.01557EPSS
Exploits0References15
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.5 views

WordPress plugin Security & Malware scan by CleanTalk 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A code issue vulnerability exists in WordPress plugin...

9.8CVSS8.9AI score0.01557EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/02/11 10:33 p.m.4 views

WordPress Security & Malware scan by CleanTalk plugin <= 2.149 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Lucio Sá in WordPress Plugin Security & Malware scan by CleanTalk versions = 2.149...

9.8CVSS7AI score0.01557EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 3:7 p.m.9 views

CVE-2020-36698

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes...

8.8CVSS6.4AI score0.00964EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:6 a.m.11 views

CVE-2024-10781

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'apikey' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for...

8.1CVSS8AI score0.03824EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:55 a.m.11 views

CVE-2024-10542

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for...

9.8CVSS8AI score0.15236EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/12/13 2:23 p.m.7 views

CVE-2023-33996 WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 6.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in CleanTalk Inc Spam protection, AntiSpam, FireWall by CleanTalk cleantalk-spam-protect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spam protection, AntiSpam, FireWall by CleanTalk: from n/a through = 6.10...

8.8CVSS7.1AI score0.00685EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/13 2:23 p.m.30 views

CVE-2023-33996 WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 6.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in СleanTalk - Anti-Spam Protection Spam protection, AntiSpam, FireWall by CleanTalk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spam protection, AntiSpam, FireWall by CleanTalk: from n/a through 6.10...

8.8CVSS0.00685EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/12/03 12:0 a.m.7 views

Spam protection, Anti-Spam, FireWall by CleanTalk Plugin for WordPress < 6.45 Authorization Bypass

The WordPress Spam protection, Anti-Spam, FireWall by CleanTalk Plugin installed on the remote host is affected by an authorization bypass vulnerability due to missing empty value check. Note that the scanner has not tested for these issues but has instead relied only on the application's...

8.1CVSS7.4AI score0.03824EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/12/03 12:0 a.m.10 views

Spam protection, Anti-Spam, FireWall by CleanTalk Plugin for WordPress < 6.44 Authorization Bypass

The WordPress Spam protection, Anti-Spam, FireWall by CleanTalk Plugin installed on the remote host is affected by an authorization bypass vulnerability via reverse DNS spoofing. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...

9.8CVSS7.5AI score0.15236EPSS
Exploits1References3
Rows per page
Query Builder