HIGH🇵🇱 Wersja polska

CVE-2021-24131

CVSS 7.2v3.1pub. 2021-03-18upd. 2024-11-21

Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple authenticated SQL injection vulnerabilities, however, it requires high privilege user (admin+).

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Cleantalk Anti Spam

    APP
    Cleantalk
    < 5.149
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-10542CRITICAL9.8PL ✓ten sam produkt

CleanTalk Anti-Spam: nieautoryzowana instalacja wtyczek przez bypass autoryzacji

CVE-2026-3213MEDIUM4.7ten sam produkt

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal A...

CVE-2023-51696MEDIUM4.3ten sam produkt

Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam...

CVE-2024-13365CRITICAL9.8PL ✓ten sam vendor

Nieuwierzytelniony upload plików w pluginie CleanTalk Security & Malware Scan dla WordPress

CVE-2024-10781HIGH8.1ten sam vendor

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbit...