HIGH✓ PATCH🇬🇧 English

CVE-2020-36698

CVSS 8.8v3.1pub. 2023-10-20upd. 2026-04-08

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Cleantalk Security \& Malware Scan

    APP
    Cleantalk
    < 2.51
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2024-13365CRITICAL9.8PL ✓ten sam produkt

Nieuwierzytelniony upload plików w pluginie CleanTalk Security & Malware Scan dla WordPress

CVE-2023-5239HIGH7.5ten sam produkt

The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from pote...

CVE-2024-10542CRITICAL9.8PL ✓ten sam vendor

CleanTalk Anti-Spam: nieautoryzowana instalacja wtyczek przez bypass autoryzacji

CVE-2024-10781HIGH8.1ten sam vendor

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbit...

CVE-2022-3302HIGH7.2ten sam vendor

The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids bef...