The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive() function in all versions up to, and including, 2.149. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
The checkUploadedArchive() function responsible for scanning uploaded archives for malware uploads and extracts .zip archives without proper content verification or user authentication. An attacker can upload a crafted .zip archive containing arbitrary files — including server-side scripts — which will be extracted into the website's directory structure. The lack of verification of file types and contents of uploaded files (CWE-434) makes the protection mechanism become an attack vector.
An attacker without any authentication can place arbitrary files on the server, which in practice can lead to remote code execution (RCE), takeover of the website and potentially the entire hosting server.
The Security & Malware scan by CleanTalk plugin should be updated to version 2.150 or newer as soon as possible. A fix is available in the official WordPress repository (changeset 3229205). Until the update is applied, it is recommended to consider temporarily disabling the plugin.
Security & Malware scan by CleanTalk plugin for WordPress — all versions up to and including 2.149.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCleantalk Security \& Malware Scan
APPCleantalk< 2.150
Related vulnerabilities
The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from pote...
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction i...
CleanTalk Anti-Spam: nieautoryzowana instalacja wtyczek przez bypass autoryzacji
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbit...
The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids bef...