Page 2 of 11 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-28221 – CleanTalk AntiSpam <= 5.173 Reflected XSS

https://notcve.org/view.php?id=CVE-2022-28221

The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in`/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Comments.php` El plugin CleanTalk AntiSpam versiones anteriores a 5.173 incluyéndola para WordPress, es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado (XSS) por medio del parámetro $_REQUEST["page"] en "/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Comments.php" The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter found in the /lib/Cleantalk/ApbctWP/FindSpam/ListTable/Comments.php file. WordPress CleanTalk plugin versions 5.173 and below suffer from multiple cross site scripting vulnerabilities. • https://www.wordfence.com/blog/2022/03/reflected-xss-in-spam-protection-antispam-firewall-by-cleantalk • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-28222 – CleanTalk AntiSpam <= 5.173 Reflected XSS

https://notcve.org/view.php?id=CVE-2022-28222

The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in`/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php` El plugin CleanTalk AntiSpam versiones anteriores a 5.173 incluyéndola para WordPress, es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado (XSS) por medio del parámetro $_REQUEST["page"] en "/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php" The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in the /lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php file. WordPress CleanTalk plugin versions 5.173 and below suffer from multiple cross site scripting vulnerabilities. • https://www.wordfence.com/blog/2022/03/reflected-xss-in-spam-protection-antispam-firewall-by-cleantalk • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-24295 – Time-based Blind SQL Injection in Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4

https://notcve.org/view.php?id=CVE-2021-24295

It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via the User-Agent Header by manipulating the cookies set by the Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.153.4, sending an initial request to obtain a ct_sfw_pass_key cookie and then manually setting a separate ct_sfw_passed cookie and disallowing it from being reset. Era posible explotar una vulnerabilidad de inyección SQL ciega Basada en el Tiempo y no autenticada en Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin versiones anteriores a 5.153.4.&#xa0;La función update_log en la biblioteca lib/Cleantalk/ApbctWP/Firewall/SFW.php incluía una consulta vulnerable que podía inyectarse por medio del encabezado del agente de usuario al manipular las cookies ajustadas por la protección contra correo no deseado, antispam, FireWall por el plugin CleanTalk de WordPress versiones anteriores a 5.153.4 , enviando una petición inicial para obtener una cookie ct_sfw_pass_key y luego configurando manualmente una cookie ct_sfw_passed separada y no permitiendo que se restablezca • https://wpscan.com/vulnerability/152171fc-888c-4275-a118-5a1e664ef28b https://www.wordfence.com/blog/2021/05/sql-injection-vulnerability-patched-in-cleantalk-antispam-plugin • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-24131 – Anti-Spam by CleanTalk < 5.149 - Multiple Authenticated SQL Injections

https://notcve.org/view.php?id=CVE-2021-24131

Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple authenticated SQL injection vulnerabilities, however, it requires high privilege user (admin+). Una entrada no comprobada en Anti-Spam del plugin de WordPress CleanTalk, versiones anteriores a 5.149, conlleva a múltiples vulnerabilidades de inyección SQL autenticadas, sin embargo, requiere un usuario muy privilegiado (admin+) • https://wpscan.com/vulnerability/1bc28021-28c0-43fa-b89e-6b93c345e5d8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-36698 – Security & Malware scan by CleanTalk <= 2.50 - Missing Authorization

https://notcve.org/view.php?id=CVE-2020-36698

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files. El análisis de Seguridad y Malware del complemento CleanTalk para WordPress es vulnerable a la interacción no autorizada del usuario en versiones hasta la 2.50 incluida. Esto se debe a que faltan comprobaciones de capacidad en varias acciones AJAX y a la divulgación nonce en la página de origen del panel administrativo. • https://blog.nintechnet.com/multiple-vulnerabilities-fixed-in-security-malware-scan-by-cleantalk-plugin https://wpscan.com/vulnerability/23960f42-dfc1-4951-9169-02d889283f01 https://www.wordfence.com/threat-intel/vulnerabilities/id/0fb9b039-eb04-4c27-89eb-1932c9c31962?source=cve • CWE-862: Missing Authorization •