Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple authenticated SQL injection vulnerabilities, however, it requires high privilege user (admin+).
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HCleantalk Anti Spam
APPCleantalk< 5.149
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
Related vulnerabilities
CVE-2024-10542CRITICAL9.8PL ✓ten sam produkt
CleanTalk Anti-Spam: nieautoryzowana instalacja wtyczek przez bypass autoryzacji
CVE-2026-3213MEDIUM4.7ten sam produkt
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal A...
CVE-2023-51696MEDIUM4.3ten sam produkt
Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam...
CVE-2024-13365CRITICAL9.8PL ✓ten sam vendor
Nieuwierzytelniony upload plików w pluginie CleanTalk Security & Malware Scan dla WordPress
CVE-2024-10781HIGH8.1ten sam vendor
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbit...