WordPress Spam protection, Anti-Spam, FireWall Plugin security update advisory
Overview
An update has been released to address vulnerabilities in the WordPress Spam protection, Anti-Spam, FireWall plugin. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-10781
- Spam Protection, Anti-Spam, Firewall versions: 6.44 and earlier (CleanTalk)
CVE-2024-10542
- Spam Protection, Anti-Spam, Firewall versions: 6.43.2 and earlier (CleanTalk)
Resolved Vulnerabilities
- Missing validation of the 'api_key' value in the WordPress CleanTalk plugin, which could allow unauthenticated attackers to install and activate arbitrary plugins, leading to remote code execution (CVE-2024-10781).
- Authentication bypass vulnerability in the WordPress CleanTalk plugin that could allow an unauthenticated attacker to install and activate arbitrary plugins (CVE-2024-10542).
Vulnerability Patches
Vulnerability patches are available in the latest update. Follow the instructions on the Referenced Sites to update to the patched version.
CVE-2024-10781
- Spam Protection, Anti-Spam, Firewall version: 6.45 (CleanTalk)
CVE-2024-10542
- Spam Protection, Anti-Spam, Firewall version: 6.44 (CleanTalk)
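A triage check for the affected and fixed versions listed above, as an added example that is not part of the original advisory or of CleanTalk's code: it reads the Version field from a plugin header and compares it numerically against the advisory's ranges. The sample header and all function names are constructed for illustration.

```python
import re

# Affected ranges stated in the advisory: (CVE, last affected version, fixed version).
ADVISORY = [
    ("CVE-2024-10542", "6.43.2", "6.44"),
    ("CVE-2024-10781", "6.44", "6.45"),
]

# Constructed sample: a WordPress plugin header as found at the top of a plugin's main PHP file.
SAMPLE_HEADER = """<?php
/*
  Plugin Name: Spam protection, Anti-Spam, FireWall by CleanTalk
  Version: 6.43.2
*/
"""

def parse_version(text):
    """Turn '6.43.2' into (6, 43, 2); trailing zeros are dropped so 6.44.0 == 6.44."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no numeric version in {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def header_version(plugin_php):
    """Return the 'Version:' field of a plugin header comment, or None."""
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", plugin_php, re.M | re.I)
    return m.group(1) if m else None

def triage(plugin_php):
    """Report which advisory CVEs apply to the installed version and the version to reach."""
    raw = header_version(plugin_php)
    if raw is None:
        return {"version": None, "cves": [], "update_to": None}
    installed = parse_version(raw)
    # Numeric tuple comparison: a string compare would rank "6.9" above "6.44".
    hits = [(cve, fixed) for cve, last_bad, fixed in ADVISORY
            if installed <= parse_version(last_bad)]
    update_to = max((fixed for _, fixed in hits), key=parse_version, default=None)
    return {"version": raw, "cves": [cve for cve, _ in hits], "update_to": update_to}

if __name__ == "__main__":
    print(triage(SAMPLE_HEADER))
```

A site running 6.44 is patched for CVE-2024-10542 but still reported for CVE-2024-10781, so the check always points at 6.45 when either CVE applies to a version at or below 6.44.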
Referenced Sites
[1] CVE-2024-10781 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-10781
[2] Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.44 – Authorization Bypass due to Missing Empty Value Check to Unauthenticated Arbitrary Plugin Installation
[3] CVE-2024-10542 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-10542
[4] Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 – Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation