Two critical security vulnerabilities in CleanTalk's WordPress anti-spam plugin, which provides spam protection, anti-spam, and firewall functions, could allow unauthenticated attackers to install and activate malicious plugins on vulnerable sites, potentially leading to remote code execution, as reported by The Hacker News.
Tracked as CVE-2024-10542 and CVE-2024-10781, these flaws carry a severity rating (CVSS) of 9.8 out of 10. They were fixed in versions 6.44 and 6.45, released this month.
CleanTalk’s plugin, installed on over 200,000 WordPress sites, is marketed as an all-in-one anti-spam solution that blocks unwanted comments, registrations, surveys, and more.
According to Wordfence, both vulnerabilities are due to an authorization bypass that could let attackers install and activate arbitrary plugins. If the activated plugin contains its own vulnerabilities, it could lead to remote code execution.
CVE-2024-10781 arises from a missing empty-value check on the 'api_key' parameter in the 'perform' function, present in all versions up to and including 6.44, which makes it possible to install unauthorized plugins. CVE-2024-10542, on the other hand, involves an authorization bypass in the checkWithoutToken() function, where a trust decision based on the reverse DNS name of the requesting IP address could be spoofed.
Exploiting either of these vulnerabilities allows attackers to install, activate, deactivate, or uninstall plugins on affected sites.
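The two weaknesses described above belong to well-known patterns: an equality check that silently passes when both the stored secret and the supplied parameter are empty, and a trust decision that relies on a reverse DNS (PTR) name, which the owner of an IP address controls. The following added example (illustrative, not CleanTalk's own code) shows each weak check beside a hardened form; the DNS tables and the `.trusted.example` suffix are constructed assumptions so that it runs offline.

```python
import hmac

# Constructed DNS data standing in for a real resolver (assumption for this example).
# 198.51.100.7 has a PTR record claiming a trusted name, but the forward lookup of
# that name does not point back to it: the classic reverse DNS spoofing situation.
PTR_RECORDS = {"203.0.113.10": "api.trusted.example",
               "198.51.100.7": "api.trusted.example"}
A_RECORDS = {"api.trusted.example": ["203.0.113.10"]}
TRUSTED_SUFFIX = ".trusted.example"


def ptr_lookup(ip: str):
    return PTR_RECORDS.get(ip)


def a_lookup(host: str):
    return A_RECORDS.get(host, [])


def weak_key_check(stored_key: str, supplied_key: str) -> bool:
    # Plain equality: an unconfigured (empty) stored key matches an empty parameter,
    # so a request that simply omits the key is accepted.
    return stored_key == supplied_key


def safe_key_check(stored_key: str, supplied_key: str) -> bool:
    # Reject empty values on either side before comparing, then compare in
    # constant time so the check leaks nothing about the stored key.
    if not stored_key or not supplied_key:
        return False
    return hmac.compare_digest(stored_key, supplied_key)


def weak_host_check(ip: str) -> bool:
    # Trusts whatever name the PTR record of the client IP returns.
    host = ptr_lookup(ip)
    return host is not None and host.endswith(TRUSTED_SUFFIX)


def fcrdns_host_check(ip: str) -> bool:
    # Forward-confirmed reverse DNS: the PTR name must resolve back to the
    # same IP, so a spoofed PTR record alone is not enough.
    host = ptr_lookup(ip)
    if host is None or not host.endswith(TRUSTED_SUFFIX):
        return False
    return ip in a_lookup(host)


def authorize(ip: str, stored_key: str, supplied_key: str) -> bool:
    # Hardened gate: a valid non-empty key AND a forward-confirmed trusted host.
    return safe_key_check(stored_key, supplied_key) and fcrdns_host_check(ip)
```

Detecting this class of issue is mostly a code-review matter: any authorization path that compares a possibly unset secret with `==`, or that derives trust from a PTR name without a forward lookup, deserves a second look.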
Users of the CleanTalk plugin are urged to update to the latest version to protect their sites from potential attacks.
This warning comes amid reports from Sucuri about ongoing campaigns targeting compromised WordPress sites, in which injected malicious code redirects visitors, steals login credentials, drops malware, and abuses admin passwords, among other threats.
Hafsa Tahir
Hafsa is a content marketer who has been in the organic growth space for the past three years. With her background in Psychology and UX, she enjoys reading users' minds and is keen to try the most creative product marketing angles. Her copies scream: "you're not just a paycheck to us". Loves to crack unfunny jokes, pay gym fee and not go, and write psychologically disturbing short stories for some reason.