cleantalk
Vulnerabilities and Security Researches

Security & Malware scan by CleanTalk, CVE-2024-13365

CVE, Research URL

CVE-2024-13365

Home page URL

Security reports for Security & Malware scan by CleanTalk

Application

Security & Malware scan by CleanTalk

Published on
Feb 12, 2025
Research Description
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive() function in all versions up to, and including, 2.149. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
max 2.150.
Status
vulnerable
Previous vulnerability researches
Security & Malware scan by CleanTalk (CVE-2020-36698) , Jun 07, 2024
Security & Malware scan by CleanTalk (CVE-2023-5239) , Jun 07, 2024
Security & Malware scan by CleanTalk (ac157938844d05b91240f478a39a3a6e75833ed4) , Jun 07, 2024
Security & Malware scan by CleanTalk (CVE22) , Jan 17, 2024
Security & Malware scan by CleanTalk , Apr 03, 2026
New vulnerability
Social Post Embed (CVE-2026-6809) , Apr 30, 2026
Timeline Blocks for Gutenberg (CVE-2026-6551) , Apr 29, 2026
WPC Smart Messages for WooCommerce (CVE-2026-6725) , Apr 29, 2026
Check & Log Email (CVE-2026-5306) , Apr 29, 2026
Complianz – GDPR/CCPA Cookie Consent (CVE-2026-4019) , Apr 29, 2026