Critical Vulnerabilities in CleanTalk WordPress Plugin Allow Remote Code Execution
2024-11-26
Learn about the importance of patch management to protect WordPress sites from critical vulnerabilities that can lead to remote code execution.
Two critical vulnerabilities in the CleanTalk WordPress Anti-Spam plugin, impacting over 200,000 sites, could allow unauthorized attackers to install and activate malicious plugins, potentially leading to remote code execution. The flaws involve authorization bypass issues, one due to a missing value check and another through reverse DNS spoofing. Users are advised to update to the latest versions, 6.44 and 6.45, which address these security issues. The situation coincides with ongoing campaigns exploiting compromised WordPress sites to inject malicious code, posing additional risks.
Web App/Website Vulnerability, Patch Management, Privilege Escalation
WordPress, CleanTalk, Remote Code Execution, CVE-2024-10542, CVE-2024-10781, Plugin Vulnerability, Authorization Bypass
CVE-2024-10542; CVE-2024-10781
WordPress, CleanTalk Spam protection, Anti-Spam, FireWall plugin
Critical Vulnerabilities in WordPress Anti-Spam Plugin

Overview of the Vulnerabilities
Two significant security flaws have been discovered in the CleanTalk WordPress Anti-Spam plugin, which affects over 200,000 websites. These vulnerabilities could enable attackers to install and enable malicious plugins, leading to potential remote code execution. The vulnerabilities in question have been identified as CVE-2024-10542 and CVE-2024-10781, each with a high CVSS score of 9.8. These flaws have been addressed in plugin versions 6.44 and 6.45, which were released recently.

Plugin Description
The CleanTalk Spam protection, Anti-Spam, and FireWall plugin is a widely used WordPress plugin designed to block spam comments, registrations, and other unwanted activities. It serves as a "universal anti-spam plugin."

Nature of the Vulnerabilities
CVE-2024-10781: This vulnerability is due to an authorization bypass issue caused by a missing check for empty values in the 'api_key' within the 'perform' function. This flaw allows an attacker to install and activate arbitrary plugins without proper authorization.
CVE-2024-10542: This vulnerability results from an authorization bypass through reverse DNS spoofing in the checkWithoutToken() function. It also enables unauthorized plugin manipulation.
Both vulnerabilities could allow attackers to install, activate, deactivate, or even uninstall plugins, making it possible to execute malicious activities on affected websites.

Recommended Actions
Website administrators using the CleanTalk plugin should update to the latest versions, 6.44 or 6.45, to protect against these vulnerabilities and prevent potential exploitation.

Broader Context
These vulnerabilities coincide with ongoing cyber campaigns targeting WordPress sites. Attackers are exploiting compromised sites to inject malicious code, which redirects visitors to fraudulent sites, skims login credentials, and deploys malware to capture admin passwords. The malicious activity can also lead to redirection to scam sites and execution of arbitrary PHP code on servers.
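The two weakness classes named above (an authorization check that does not reject empty 'api_key' values, and an origin check that trusts reverse DNS alone) are illustrated below in a weak and a hardened form. This is an added, generic PHP illustration written for this page; it is not CleanTalk's code, and every function name, the vendor hostname, and the IP addresses are constructed for the example. The resolver lookups are injected as callables backed by constructed tables so the snippet runs offline; in a real plugin they would be gethostbyaddr() and gethostbynamel().

```php
<?php
// Added illustration (not CleanTalk's code): two plugin authorization checks
// of the kind the advisory describes, each shown weak and then hardened.
// All names and addresses below are constructed for this example.

// --- Weakness 1: key comparison without an empty-value check ---------------
// Weak: if the site has no key configured (empty string), an empty key sent
// in the request compares equal and the caller is treated as authorized.
function weak_key_check(string $request_key, string $stored_key): bool
{
    return $request_key === $stored_key;
}

// Hardened: an empty stored key or an empty request key is never acceptable,
// and the comparison is constant-time (known value first, per hash_equals()).
function hardened_key_check(string $request_key, string $stored_key): bool
{
    if ($stored_key === '' || $request_key === '') {
        return false;
    }
    return hash_equals($stored_key, $request_key);
}

// --- Weakness 2: trusting reverse DNS alone --------------------------------
// Weak: the PTR record for an IP is set by whoever controls that address
// space, so a PTR name ending in the vendor's domain proves nothing by itself.
function weak_origin_check(string $ip, string $trusted_suffix, callable $ptr_lookup): bool
{
    $host = $ptr_lookup($ip);
    return $host !== false && str_ends_with($host, $trusted_suffix);
}

// Hardened: forward-confirmed reverse DNS (FCrDNS). The PTR name must carry
// the trusted suffix AND resolve forward to a set of addresses that contains
// the caller's IP; a PTR pointing at a name the caller does not own fails.
function hardened_origin_check(
    string $ip,
    string $trusted_suffix,
    callable $ptr_lookup,
    callable $a_lookup
): bool {
    $host = $ptr_lookup($ip);
    if ($host === false || !str_ends_with($host, $trusted_suffix)) {
        return false;
    }
    $forward = $a_lookup($host);
    return is_array($forward) && in_array($ip, $forward, true);
}

// Constructed resolver data standing in for gethostbyaddr()/gethostbynamel().
$ptr_table = [
    '198.51.100.10' => 'api.vendor.example',   // legitimate vendor host
    '203.0.113.5'   => 'fake.vendor.example',  // PTR chosen by the caller
];
$a_table = [
    'api.vendor.example'  => ['198.51.100.10'],
    'fake.vendor.example' => ['203.0.113.99'], // does not resolve back to 203.0.113.5
];
$ptr_lookup = fn(string $ip) => $ptr_table[$ip] ?? false;
$a_lookup   = fn(string $host) => $a_table[$host] ?? false;

// Case 1: no key configured on the site and an empty key in the request.
// The weak check treats the request as authorized; the hardened check does not.
var_dump(weak_key_check('', ''));
var_dump(hardened_key_check('', ''));

// Case 2: caller whose PTR merely ends in the trusted suffix.
// The weak check accepts it; FCrDNS rejects it because the forward lookup
// does not return the caller's IP. The legitimate host still passes.
var_dump(weak_origin_check('203.0.113.5', '.vendor.example', $ptr_lookup));
var_dump(hardened_origin_check('203.0.113.5', '.vendor.example', $ptr_lookup, $a_lookup));
var_dump(hardened_origin_check('198.51.100.10', '.vendor.example', $ptr_lookup, $a_lookup));
```

The first fix is the important one for an 'api_key'-style check: treating an unset or empty secret as "no authorization possible" rather than as a value that can be matched. The second shows why a PTR match is not an authentication control; if a plugin must accept unauthenticated callbacks from a vendor, forward-confirming the reverse lookup (or, better, requiring a signed request) removes the dependency on caller-controlled DNS.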
https://thehackernews.com/2024/11/critical-wordpress-anti-spam-plugin.html?m=1