The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NCleantalk Security \& Malware Scan
APPCleantalk≤ 2.121
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2024-13365CRITICAL9.8PL ✓ten sam produkt
Nieuwierzytelniony upload plików w pluginie CleanTalk Security & Malware Scan dla WordPress
CVE-2020-36698HIGH8.8ten sam produkt
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction i...
CVE-2024-10542CRITICAL9.8PL ✓ten sam vendor
CleanTalk Anti-Spam: nieautoryzowana instalacja wtyczek przez bypass autoryzacji
CVE-2024-10781HIGH8.1ten sam vendor
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbit...
CVE-2022-3302HIGH7.2ten sam vendor
The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids bef...