Critical Vulnerabilities Found in Anti-Spam Plugin Used by 200,000 WordPress Sites

Two vulnerabilities in the Anti-Spam by CleanTalk WordPress plugin allowed attackers to execute arbitrary code remotely.

Two critical vulnerabilities in CleanTalk’s anti-spam plugin for WordPress could allow attackers to execute arbitrary code remotely, without authentication, Defiant warns.

The issues, tracked as CVE-2024-10542 and CVE-2024-10781 (CVSS score of 9.8), affect the ‘Spam protection, Anti-Spam, FireWall by CleanTalk’ plugin, which has more than 200,000 active installations.

Both flaws could allow remote, unauthenticated attackers to install and activate arbitrary plugins, including vulnerable plugins that could be exploited for remote code execution (RCE).

CVE-2024-10542, Defiant explains, is an authorization bypass in a function that handles remote calls and plugin installations and performs the token authorization for these actions.

Two other functions, used to check the originating IP address and the domain name, are vulnerable to IP and DNS spoofing, allowing attackers to specify an IP address and a subdomain they control and thereby bypass the authorization.

“The attacker can then perform any of the actions behind this intended authorization check, such as plugin installation, activation, deactivation or uninstallation,” Defiant explains.

The flaw was found in late October and was resolved on November 1 with the release of version 6.44 of the plugin. The patched iteration, however, was found vulnerable to CVE-2024-10781, another method of bypassing the token authorization.

Because the token can be authorized through hash comparison with the API key, if a website has not configured the API key in the plugin, an attacker can authorize themselves “using a token matching the empty hash value”, Defiant explains.
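The empty-key failure mode described above, modelled as an added example in Python rather than the plugin's own PHP (the function names, the MD5 choice and the sample key are assumptions, not details from the article): an unset API key is hashed like any other value, so a token equal to the hash of the empty string passes the check, while the hardened variant fails closed when no key is configured and compares in constant time.

```python
import hashlib
import hmac
from typing import Optional

# Hypothetical model of a "remote call" token check. The article says the
# plugin authorized tokens by comparing them against a hash of the site's
# API key; the hash function used here (MD5) is an assumption.
def token_hash(api_key: str) -> str:
    return hashlib.md5(api_key.encode()).hexdigest()

def authorize_vulnerable(token: str, api_key: Optional[str]) -> bool:
    """Before: an unset API key becomes '' and its hash is still treated as a
    valid expected value, so a token equal to the hash of '' is accepted."""
    expected = token_hash(api_key or "")
    return token == expected

def authorize_hardened(token: str, api_key: Optional[str]) -> bool:
    """After: refuse outright when no API key has been configured, and
    compare in constant time so the check cannot be probed byte by byte."""
    if not api_key:
        # No configured key means no legitimate remote caller can exist;
        # fail closed instead of deriving an expected value from ''.
        return False
    expected = token_hash(api_key)
    return hmac.compare_digest(token, expected)

def demo() -> dict:
    """Constructed scenario: one site with a configured key, one without."""
    configured = "example-site-key"  # constructed sample value
    return {
        # a legitimate caller on a configured site works in both versions
        "legit_vuln": authorize_vulnerable(token_hash(configured), configured),
        "legit_hard": authorize_hardened(token_hash(configured), configured),
        # unconfigured site: the empty-hash token is the CVE-2024-10781 case
        "empty_vuln": authorize_vulnerable(token_hash(""), None),
        "empty_hard": authorize_hardened(token_hash(""), None),
        # a wrong token is rejected by the hardened check
        "wrong_hard": authorize_hardened("not-a-valid-token", configured),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'authorized' if ok else 'rejected'}")
```

A site-level check for this class of bug is simply whether the plugin's API key is set; the fix in the code is to treat "no key" as "no remote authorization possible".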

As with the first vulnerability, successful exploitation of CVE-2024-10781 allows an attacker to install and activate arbitrary plugins and then exploit them for RCE.

Spam protection, Anti-Spam, FireWall by CleanTalk version 6.45 was released on November 14 with patches for the second vulnerability.

According to WordPress data, as of November 26, roughly half of the plugin’s active installations do not run a patched version, meaning they are potentially exposed to exploitation attempts.

Users are advised to update to version 6.45 as soon as possible, as it contains fixes for both security defects.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
