HIGH🇵🇱 Wersja polska

CVE-2024-10781

CVSS 8.1v3.1pub. 2024-11-26upd. 2025-07-12

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'api_key' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cleantalk Spam Protection\, Antispam\, Firewall

    APP
    Cleantalk
    < 6.45
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEAuth BypassFirewall
CWE
References

Related vulnerabilities

CVE-2022-3302HIGH7.2ten sam produkt

The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids bef...

CVE-2021-24295HIGH7.5ten sam produkt

It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protect...

CVE-2023-51535MEDIUM4.3ten sam produkt

Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam...

CVE-2019-17515MEDIUM6.1ten sam produkt

The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting ...

CVE-2024-13365CRITICAL9.8PL ✓ten sam vendor

Nieuwierzytelniony upload plików w pluginie CleanTalk Security & Malware Scan dla WordPress