The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
The vulnerability results from an error in the checkWithoutToken function, where the authorization mechanism can be bypassed through reverse DNS spoofing. The attacker manipulates the DNS response to falsely authenticate the request as coming from a trusted source. As a result, it is possible to install and activate any plugin without having any permissions on the WordPress site. If a plugin installed this way contains its own vulnerabilities, the attacker can escalate the attack to RCE level.
An unauthenticated attacker can install and activate arbitrary WordPress plugins, which when a vulnerable plugin is installed, enables remote code execution (RCE) capability and complete server takeover.
The plugin must be updated immediately to a version higher than 6.43.2. A patch is available in the WordPress repository under changeset 3179819. Until the update is applied, it is recommended to monitor the list of installed plugins for unauthorized changes.
The plugin 'Spam protection, Anti-Spam, FireWall by CleanTalk' for WordPress — all versions up to and including 6.43.2.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCleantalk Anti Spam
APPCleantalk< 6.44
Related vulnerabilities
Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple auth...
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal A...
Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam...
Nieuwierzytelniony upload plików w pluginie CleanTalk Security & Malware Scan dla WordPress
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbit...