cleantalk
Vulnerabilities and Security Researches

Security & Malware scan by CleanTalk, CVE-2020-36698

CVE, Research URL

CVE-2020-36698

Home page URL

Security reports for Security & Malware scan by CleanTalk

Application

Security & Malware scan by CleanTalk

Published on
Oct 20, 2023
Research Description
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files.
Affected versions
max 2.51.
Status
vulnerable
Previous vulnerability researches
Security & Malware scan by CleanTalk (CVE-2020-36698) , Jun 07, 2024
Security & Malware scan by CleanTalk (CVE-2023-5239) , Jun 07, 2024
Security & Malware scan by CleanTalk (ac157938844d05b91240f478a39a3a6e75833ed4) , Jun 07, 2024
Security & Malware scan by CleanTalk (CVE22) , Jan 17, 2024
Security & Malware scan by CleanTalk , Apr 03, 2026
New vulnerability
Social Post Embed (CVE-2026-6809) , Apr 30, 2026
Timeline Blocks for Gutenberg (CVE-2026-6551) , Apr 29, 2026
WPC Smart Messages for WooCommerce (CVE-2026-6725) , Apr 29, 2026
Check & Log Email (CVE-2026-5306) , Apr 29, 2026
Complianz – GDPR/CCPA Cookie Consent (CVE-2026-4019) , Apr 29, 2026