68 matches found
EUVD-2023-57566
Malicious code in bioql PyPI...
CVE-2023-5239
The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection...
CVE-2022-3302
The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin...
CVE-2019-17515
The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting XSS. The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and...
CVE-2024-13365
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive function in all versions up to, and including, 2.149. This makes it possib...
30,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in Security & Malware scan by CleanTalk WordPress Plugin
On December 7th, 2024, we received a submission for an Arbitrary File Upload vulnerability in Security & Malware scan by CleanTalk, a WordPress plugin with more than 30,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to upload arbitrary files to a...
CVE-2024-13365
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive function in all versions up to, and including, 2.149. This makes it possib...
CVE-2024-13365
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive function in all versions up to, and including, 2.149. This makes it possib...
CVE-2024-13365 Security & Malware scan by CleanTalk <= 2.149 - Unauthenticated Arbitrary File Upload
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive function in all versions up to, and including, 2.149. This makes it possib...
CVE-2024-13365 Security & Malware scan by CleanTalk <= 2.149 - Unauthenticated Arbitrary File Upload
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive function in all versions up to, and including, 2.149. This makes it possib...
PT-2025-6458
Name of the Vulnerable Software and Affected Versions Security & Malware scan by CleanTalk plugin for WordPress versions up to, and including, 2.149 Description The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and...
WordPress plugin Security & Malware scan by CleanTalk 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A code issue vulnerability exists in WordPress plugin...
WordPress Security & Malware scan by CleanTalk plugin <= 2.149 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Lucio Sá in WordPress Plugin Security & Malware scan by CleanTalk versions = 2.149...
CVE-2020-36698
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes...
CVE-2024-10781
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'apikey' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for...
CVE-2024-10542
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for...
CVE-2023-33996 WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 6.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in CleanTalk Inc Spam protection, AntiSpam, FireWall by CleanTalk cleantalk-spam-protect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spam protection, AntiSpam, FireWall by CleanTalk: from n/a through = 6.10...
CVE-2023-33996 WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 6.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in СleanTalk - Anti-Spam Protection Spam protection, AntiSpam, FireWall by CleanTalk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spam protection, AntiSpam, FireWall by CleanTalk: from n/a through 6.10...
Spam protection, Anti-Spam, FireWall by CleanTalk Plugin for WordPress < 6.45 Authorization Bypass
The WordPress Spam protection, Anti-Spam, FireWall by CleanTalk Plugin installed on the remote host is affected by an authorization bypass vulnerability due to missing empty value check. Note that the scanner has not tested for these issues but has instead relied only on the application's...
Spam protection, Anti-Spam, FireWall by CleanTalk Plugin for WordPress < 6.44 Authorization Bypass
The WordPress Spam protection, Anti-Spam, FireWall by CleanTalk Plugin installed on the remote host is affected by an authorization bypass vulnerability via reverse DNS spoofing. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...