
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate the value. This may be used to bypass brute-force protection. The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.120.

• https://wpscan.com/vulnerability/1d748f91-773b-49d6-8f68-a27d397713c3
• CWE-348: Use of Less Trusted Source

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files.

• https://blog.nintechnet.com/multiple-vulnerabilities-fixed-in-security-malware-scan-by-cleantalk-plugin
• https://wpscan.com/vulnerability/23960f42-dfc1-4951-9169-02d889283f01
• https://www.wordfence.com/threat-intel/vulnerabilities/id/0fb9b039-eb04-4c27-89eb-1932c9c31962?source=cve
• CWE-862: Missing Authorization