CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51696 – WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-51696
Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en ?leanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. Este problema afecta a la protección contra spam, Anti-Spam, FireWall de CleanTalk: desde n/a hasta 6.20. The Spam protection, AntiSpam, FireWall by CleanTalk plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.20. • https://patchstack.com/database/vulnerability/cleantalk-spam-protect/wordpress-spam-protection-antispam-firewall-by-cleantalk-anti-spam-plugin-6-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33996 – Spam protection, AntiSpam, FireWall by CleanTalk <= 6.10 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-33996
The Spam protection, AntiSpam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions along with nonce disclosure in versions up to, and including, 6.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify/export/import templates and trash/spam/modify comments among some other actions. • CWE-862: Missing Authorization •