CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13365 – Security & Malware scan by CleanTalk <= 2.149 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-13365
11 Feb 2025 — The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive() function in all versions up to, and including, 2.149. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3229205/security-malware-firewall#file527 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10570 – Security & Malware scan by CleanTalk <= 2.145 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2024-10570
25 Nov 2024 — The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as insufficient input sanitization and validation. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. El complemento Security &am... • https://plugins.trac.wordpress.org/browser/security-malware-firewall/tags/2.145/lib/CleantalkSP/Common/RemoteCalls.php#L59 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 3CVE-2024-10542 – Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation
https://notcve.org/view.php?id=CVE-2024-10542
25 Nov 2024 — The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. El complemento Spam protection, A... • https://github.com/FoKiiin/CVE-2024-10542 • CWE-862: Missing Authorization •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10781 – Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.44 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Arbitrary Plugin Installation
https://notcve.org/view.php?id=CVE-2024-10781
25 Nov 2024 — The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'api_key' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. El complemento Spam protection, Anti-Spa... • https://plugins.trac.wordpress.org/browser/cleantalk-spam-protect/tags/6.44/lib/Cleantalk/ApbctWP/RemoteCalls.php#L95 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51696 – WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-51696
27 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en ?leanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. Este problema afecta a la protección contra spam, Anti-Spam, FireWall de CleanTalk: desde n/a hasta 6.20. The Spam protection, AntiSpam, FireWall ... • https://patchstack.com/database/vulnerability/cleantalk-spam-protect/wordpress-spam-protection-antispam-firewall-by-cleantalk-anti-spam-plugin-6-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51535 – WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-51535
27 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en ?leanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. Este problema afecta a Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk: desde n/a hasta 6.20. The Spam protection, AntiSpam... • https://patchstack.com/database/vulnerability/cleantalk-spam-protect/wordpress-spam-protection-anti-spam-firewall-by-cleantalk-plugin-6-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5239 – Security & Malware scan by CleanTalk < 2.121 - IP Spoofing
https://notcve.org/view.php?id=CVE-2023-5239
06 Nov 2023 — The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection. El análisis Security & Malware del complemento CleanTalk de WordPress anterior a 2.121 recupera direcciones IP de clientes de encabezados potencialmente no confiables, lo que permite a un atacante manipular su valor. Esto puede usarse para eludir la protección de fuerza brut... • https://wpscan.com/vulnerability/1d748f91-773b-49d6-8f68-a27d397713c3 • CWE-348: Use of Less Trusted Source •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33996 – WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 6.10 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-33996
22 Jun 2023 — Missing Authorization vulnerability in СleanTalk - Anti-Spam Protection Spam protection, AntiSpam, FireWall by CleanTalk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spam protection, AntiSpam, FireWall by CleanTalk: from n/a through 6.10. The Spam protection, AntiSpam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions along with nonce disclosure in versi... • https://patchstack.com/database/wordpress/plugin/cleantalk-spam-protect/vulnerability/wordpress-spam-protection-antispam-firewall-by-cleantalk-plugin-6-10-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3302 – Anti-Spam by CleanTalk < 5.185.1 - Admin+ SQLi
https://notcve.org/view.php?id=CVE-2022-3302
03 Oct 2022 — The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin El plugin Spam protection, AntiSpam, FireWall by CleanTalk de WordPress versiones anteriores a 5.185.1, no comprueba los ids antes de usarlos en una sentencia SQL, lo que podría conllevar a una inyección SQL explotable por usuarios con altos privilegios como el admin The AntiSpam pl... • https://wpscan.com/vulnerability/1b5a018d-f2d4-4373-be1e-5162cc5c928b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28221 – CleanTalk AntiSpam <= 5.173 Reflected XSS
https://notcve.org/view.php?id=CVE-2022-28221
30 Mar 2022 — The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in`/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Comments.php` El plugin CleanTalk AntiSpam versiones anteriores a 5.173 incluyéndola para WordPress, es vulnerable a un ataque de tipo Cross-Site Scripting Reflejado (XSS) por medio del parámetro $_REQUEST["page"] en "/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Comments.php" The CleanTalk AntiSpam plugin <= 5.173 for WordPre... • https://packetstorm.news/files/id/166542 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •