Vulnerabilities and security researches forsecurity-malware-firewall security-malware-firewall

Apr 03, 2026

PSC, Research URL: PSC-2024-64527
Home page URL: Security reports for Security & Malware scan by CleanTalk
Application: Security & Malware scan by CleanTalk
Date: Apr 03, 2026
Research Description: The Security & Malware Scan by CleanTalk plugin (version 2.176) has received the prestigious Plugin Security Certification (PSC) from CleanTalk. This powerful plugin provides comprehensive protection to WordPress websites by scanning for malware, blocking brute-force attacks, filtering unwanted traffic, and protecting your site from online threats. CleanTalk ensures that your website remains secure, fast, and fully optimized by combining a robust set of features to stop malicious attacks before they happen.
Affected versions: Min 2.177, max 2.177.
Status: SAFE & CERTIFIED

Dec 11, 2025

CVE, Research URL: CVE-2025-13604
Home page URL: Security reports for Security & Malware scan by CleanTalk
Application: Security & Malware scan by CleanTalk
Date: Dec 09, 2025
Research Description: The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up to, and including, 2.168 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 2.169.
Status: vulnerable

Feb 13, 2025

CVE, Research URL: CVE-2024-13365
Home page URL: Security reports for Security & Malware scan by CleanTalk
Application: Security & Malware scan by CleanTalk
Date: Feb 12, 2025
Research Description: The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive() function in all versions up to, and including, 2.149. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions: max 2.150.
Status: vulnerable

Nov 27, 2024

CVE, Research URL: CVE-2024-10570
Home page URL: Security reports for Security & Malware scan by CleanTalk
Application: Security & Malware scan by CleanTalk
Date: Nov 26, 2024
Research Description: The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as insufficient input sanitization and validation. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 2.145.1.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2020-36698
Home page URL: Security reports for Security & Malware scan by CleanTalk
Application: Security & Malware scan by CleanTalk
Date: Oct 20, 2023
Research Description: The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files.
Affected versions: max 2.51.
Status: vulnerable

CVE, Research URL: CVE-2023-5239
Home page URL: Security reports for Security & Malware scan by CleanTalk
Application: Security & Malware scan by CleanTalk
Date: Nov 27, 2023
Research Description: The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection.
Affected versions: max 2.121.
Status: vulnerable

CVE, Research URL: ac157938844d05b91240f478a39a3a6e75833ed4
Home page URL: Security reports for Security & Malware scan by CleanTalk
Application: Security & Malware scan by CleanTalk
Date: Feb 18, 2022
Research Description: Security & Malware scan by CleanTalk [security-malware-firewall] < 2.51 WordPress Security & Malware scan by CleanTalk plugin <= 2.80 - SQL Injection (SQLi) vulnerability SQL Injection (SQLi) vulnerability discovered in WordPress Security & Malware scan by CleanTalk plugin (versions <= 2.80).
Affected versions: max 2.51.
Status: vulnerable

Jan 17, 2024