Anti-Spam WordPress Plugin Vulnerabilities Risked 200K+ Sites
Multiple critical vulnerabilities were found in the WordPress plugin Spam protection, Anti-Spam, FireWall, which could potentially lead to remote code execution on target websites. The plugin developers have already released patches for these vulnerabilities, so it is crucial for WordPress users to update their sites with the latest plugin release as soon as possible.
Numerous Vulnerabilities Discovered in Anti-Spam WordPress Plugin
According to a recent report from Wordfence, several critical vulnerabilities in the Spam protection, Anti-Spam, FireWall by CleanTalk WordPress plugin have been successfully fixed.
Two specific vulnerabilities were identified in the plugin, exposing websites to various security threats:
- CVE-2024-10542 (CVSS 9.8): An authorization bypass vulnerability that could allow an attacker to install plugins without authorization. This flaw could potentially enable an adversary to execute code on the website if another vulnerable plugin is present. The flaw lies in the checkWithoutToken function, whose check could be bypassed through reverse DNS spoofing.
- CVE-2024-10781 (CVSS 8.1): Another authorization bypass was discovered due to a missing empty value check on the ‘api_key’ value in the ‘perform’ function. Exploiting this vulnerability could allow an unauthenticated attacker to install arbitrary plugins and achieve remote code execution.
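As an added illustration (not the plugin's code; function names, hostnames and addresses are hypothetical), the two root causes the report describes in PHP: an API-key check that treats an empty key as a match beside one that fails closed, and a hostname check that trusts reverse DNS alone beside one that also confirms the forward lookup.

```php
<?php
// Added example, not CleanTalk's code. Hypothetical helpers showing the two
// failure modes described above: an authorization check with no empty-value
// check on api_key, and a check that trusts the client's reverse DNS alone.

// Weak: loose comparison and no empty check. If the stored key was never set
// (''), a request that sends no api_key ('') compares equal and is authorized.
function is_authorized_weak(string $stored_key, string $request_key): bool
{
    return $stored_key == $request_key;
}

// Hardened: fail closed on any empty value, then compare in constant time.
function is_authorized_hardened(string $stored_key, string $request_key): bool
{
    if ($stored_key === '' || $request_key === '') {
        return false;
    }
    return hash_equals($stored_key, $request_key);
}

// Weak: the PTR record of the client IP is set by whoever controls that IP
// range, so matching a trusted suffix on it alone can be spoofed.
function from_trusted_host_weak(string $ip, string $suffix, callable $ptr): bool
{
    $host = $ptr($ip);
    return $host !== null && substr($host, -strlen($suffix)) === $suffix;
}

// Hardened (forward-confirmed reverse DNS): the hostname must also resolve
// back to the connecting IP, which a spoofed PTR record cannot arrange.
function from_trusted_host_hardened(string $ip, string $suffix, callable $ptr, callable $a): bool
{
    if (!from_trusted_host_weak($ip, $suffix, $ptr)) {
        return false;
    }
    return in_array($ip, $a($ptr($ip)), true);
}

// Constructed resolver tables so the demonstration runs offline: the PTR for
// 203.0.113.9 claims a trusted name, but that name resolves elsewhere.
$ptr = fn(string $ip): ?string => ['203.0.113.9' => 'api.example-service.test'][$ip] ?? null;
$a   = fn(string $host): array => ['api.example-service.test' => ['198.51.100.7']][$host] ?? [];

echo 'weak key check, both keys empty:     ', var_export(is_authorized_weak('', ''), true), PHP_EOL;
echo 'hardened key check, both keys empty: ', var_export(is_authorized_hardened('', ''), true), PHP_EOL;
echo 'weak host check, spoofed PTR:        ', var_export(from_trusted_host_weak('203.0.113.9', '.example-service.test', $ptr), true), PHP_EOL;
echo 'hardened host check, spoofed PTR:    ', var_export(from_trusted_host_hardened('203.0.113.9', '.example-service.test', $ptr, $a), true), PHP_EOL;
```

In a real plugin the resolver callables would wrap gethostbyaddr() and gethostbynamel(); they are injected here only so the example can run without network access.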
Wordfence provided detailed technical analyses of these vulnerabilities in their report.
The vulnerabilities were identified separately by security researcher Michael Mazzolini. Mazzolini reported CVE-2024-10542 through Wordfence’s bug bounty program and received a $4095 bounty for the discovery.
Wordfence collaborated with the plugin developers to address the first vulnerability in plugin version 6.44. However, another similar vulnerability, CVE-2024-10781, was later discovered and promptly patched in plugin version 6.45.
The plugin Spam protection, Anti-Spam, FireWall by CleanTalk has over 200,000 active installations, indicating a large number of websites that could be at risk. Therefore, all WordPress administrators using this plugin are strongly advised to update their websites to the latest plugin release (currently version 6.45.2) to ensure they receive all necessary bug fixes.
We welcome your thoughts and feedback in the comments section.