68 matches found
CVE-2022-3302 Anti-Spam by CleanTalk < 5.185.1 - Admin+ SQLi
The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin...
PT-2022-21649 · WordPress · Cleantalk
Name of the Vulnerable Software and Affected Versions: Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin versions prior to 5.185.1 Description: The issue concerns a lack of validation for ids used in SQL statements, potentially leading to SQL injection. This could be exploited by...
WordPress CleanTalk plugin cross-site scripting vulnerability (CNVD-2022-67605)
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress application plugin. WordPress CleanTalk plugin 5.173 and earlier versions have a cross-sit...
EUVD-2021-11209
It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The updatelog function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected v...
Anti-Spam WordPress Plugin Could Expose Website User Data
An SQL-injection vulnerability discovered in a WordPress plugin called “Spam protection, AntiSpam, FireWall by CleanTalk” could expose user emails, passwords, credit-card data and other sensitive information to an unauthenticated attacker. Spam protection, AntiSpam, FireWall by CleanTalk is...
CVE-2021-24131
Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple authenticated SQL injection vulnerabilities, however, it requires high privilege user admin+...
WordPress CleanTalk Plugin < 5.127.4 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113568";...
CVE-2019-17515
The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting XSS. The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and...