
CVE-2023-51535 – WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-51535
27 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in CleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20. • https://patchstack.com/database/vulnerability/cleantalk-spam-protect/wordpress-spam-protection-anti-spam-firewall-by-cleantalk-plugin-6-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2022-3302 – Anti-Spam by CleanTalk < 5.185.1 - Admin+ SQLi
https://notcve.org/view.php?id=CVE-2022-3302
03 Oct 2022 — The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin. • https://wpscan.com/vulnerability/1b5a018d-f2d4-4373-be1e-5162cc5c928b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-28221 – CleanTalk AntiSpam <= 5.173 Reflected XSS
https://notcve.org/view.php?id=CVE-2022-28221
30 Mar 2022 — The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in `/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Comments.php`. • https://packetstorm.news/files/id/166542 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-28222 – CleanTalk AntiSpam <= 5.173 Reflected XSS
https://notcve.org/view.php?id=CVE-2022-28222
30 Mar 2022 — The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in `/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php`. • https://packetstorm.news/files/id/166542 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-24295 – Time-based Blind SQL Injection in Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4
https://notcve.org/view.php?id=CVE-2021-24295
05 Mar 2021 — It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via the User-Agent Header by manipulating the cookies set by the Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.153.4, sending an initial request to obtain a ct_sfw_pass_key cookie and th... • https://wpscan.com/vulnerability/152171fc-888c-4275-a118-5a1e664ef28b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2019-17515 – Spam protection, AntiSpam, FireWall by CleanTalk <= 5.127.3 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-17515
12 Nov 2019 — The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. • https://plugins.trac.wordpress.org/changeset/2172333 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')