cleantalk
Vulnerabilities and Security Researches

Spam protection, Anti-Spam, FireWall by CleanTalk, CVE-2024-10542

CVE, Research URL

CVE-2024-10542

Home page URL

Security reports for Spam protection, Anti-Spam, FireWall by CleanTalk

Application

Spam protection, Anti-Spam, FireWall by CleanTalk

Published on
Nov 26, 2024
Research Description
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
Affected versions
max 6.44.
Status
vulnerable
Previous vulnerability researches
Spam protection, Anti-Spam, FireWall by CleanTalk (CVE-2024-10542) , Nov 26, 2024
Spam protection, Anti-Spam, FireWall by CleanTalk (CVE-2024-10781) , Nov 26, 2024
Spam protection, Anti-Spam, FireWall by CleanTalk , Aug 02, 2024
Spam protection, Anti-Spam, FireWall by CleanTalk (CVE-2026-8071) , Jun 11, 2026
Spam protection, Anti-Spam, FireWall by CleanTalk (CVE-2021-24295) , Jun 07, 2024
New vulnerability
Yoast Duplicate Post (CVE-2026-53740) , Jun 11, 2026
Yoast Duplicate Post (CVE-2026-53739) , Jun 11, 2026
Juicer.io: Effortlessly embed, curate, and aggregate social media feeds into your website (CVE-2026-53737) , Jun 11, 2026
UpdraftPlus: WordPress Backup & Migration Plugin (CVE-2026-10795) , Jun 11, 2026
Plugin Name: ePaperFlip Publisher (CVE-2026-7662) , Jun 11, 2026