3 matches found
CVE-2024-13365
The CVE-2024-13365 entry concerns the WordPress plugin Security & Malware scan by CleanTalk, affecting all versions up to 2.149. The vulnerability arises from the plugin uploading and extracting .zip archives during malware scanning via the checkUploadedArchive() function, enabling unauthenticate...
CVE-2023-5239
CVE-2023-5239 affects the CleanTalk Security & Malware scan plugin for WordPress prior to version 2.121. The issue arises from the plugin retrieving client IP addresses from potentially untrusted headers, allowing an attacker to spoof/manipulate the IP value and potentially bypass bruteforce prot...
CVE-2020-36698
The CVE-2020-36698 entry affects the WordPress plugin Security & Malware scan by CleanTalk, vulnerable in versions up to 2.50 due to missing capability checks on several AJAX actions and nonce disclosure in the admin dashboard source. This allows authenticated attackers with subscriber-level perm...