Latest Hacking News

Multiple critical vulnerabilities were found in the WordPress plugin Spam protection, Anti-Spam, FireWall, which could potentially lead to remote code execution on target websites. The plugin developers have already released patches for these vulnerabilities, so it is crucial for WordPress users to update their sites with the latest plugin release as soon as possible.

Numerous Vulnerabilities Discovered in Anti-Spam WordPress Plugin

According to a recent report from Wordfence, several critical vulnerabilities in the Spam protection, Anti-Spam, FireWall by CleanTalk WordPress plugin have been successfully fixed.

Two specific vulnerabilities were identified in the plugin, exposing websites to various security threats:

  • CVE-2024-10542 (CVSS 9.8): An authorization bypass that could allow an attacker to install plugins without authorization. On its own this yields plugin installation; it could lead to code execution on the website if another vulnerable plugin is present. The bypass stems from the checkWithoutToken function relying on a reverse DNS lookup that an attacker can spoof.
  • CVE-2024-10781 (CVSS 8.1): A second authorization bypass caused by a missing empty-value check on the ‘api_key’ value in the ‘perform’ function. Exploiting it could allow an unauthenticated attacker to install arbitrary plugins and achieve remote code execution.

Wordfence provided detailed technical analyses of these vulnerabilities in their report.
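The two bug classes the bullets describe, as an added Python illustration that is not the plugin's code or Wordfence's analysis: an api_key check with no empty-value guard beside a hardened one, and an origin check that trusts reverse DNS alone beside a forward-confirmed one. The function names, the trusted domain and the in-memory resolvers are assumptions for the illustration.

```python
import hashlib
import hmac

# Constructed illustration (not the plugin's code); names, the trusted domain
# and the resolvers below are assumed for the example.
TRUSTED_SUFFIX = ".trusted.example"  # assumed placeholder for the vendor's domain

def key_hash(key: str) -> str:
    return hashlib.sha256(key.encode()).hexdigest()

def vulnerable_perform(supplied_key: str, configured_key: str) -> bool:
    # No empty-value check: a site with no key configured ('') accepts a request
    # whose api_key is also empty, because both sides hash to the same value.
    return key_hash(supplied_key) == key_hash(configured_key)

def hardened_perform(supplied_key: str, configured_key: str) -> bool:
    # Refuse empty values before comparing, then compare in constant time.
    if not supplied_key or not configured_key:
        return False
    return hmac.compare_digest(key_hash(supplied_key), key_hash(configured_key))

def vulnerable_check_without_token(ip: str, reverse_lookup) -> bool:
    # Trusts the PTR record alone; whoever controls the PTR zone for `ip`
    # can make it claim any hostname.
    return reverse_lookup(ip).endswith(TRUSTED_SUFFIX)

def hardened_check_without_token(ip: str, reverse_lookup, forward_lookup) -> bool:
    # Forward-confirmed reverse DNS: the claimed name must also resolve back to `ip`.
    host = reverse_lookup(ip)
    return host.endswith(TRUSTED_SUFFIX) and ip in forward_lookup(host)

# Constructed resolvers: the PTR record claims a trusted name, but that name's
# forward (A) record does not point back at the requesting address.
SPOOFED_PTR = {"203.0.113.5": "api.trusted.example"}
FORWARD_A = {"api.trusted.example": ["198.51.100.10"]}
reverse = lambda ip: SPOOFED_PTR.get(ip, "")
forward = lambda host: FORWARD_A.get(host, [])

def demo() -> dict:
    # Collects each check's verdict so the contrast is visible in one place.
    return {
        "vuln_empty_key": vulnerable_perform("", ""),
        "hard_empty_key": hardened_perform("", ""),
        "hard_good_key": hardened_perform("s3cret", "s3cret"),
        "vuln_rdns": vulnerable_check_without_token("203.0.113.5", reverse),
        "hard_rdns": hardened_check_without_token("203.0.113.5", reverse, forward),
    }
```

The hardened variants show the two fixes a reviewer would ask for: reject an empty key before any comparison, and confirm a reverse-DNS name by resolving it forward again.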

The vulnerabilities were identified by security researcher Michael Mazzolini in separate instances. Mazzolini reported CVE-2024-10542 through Wordfence’s bug bounty program and received a $4095 bounty for the discovery.

Wordfence collaborated with the plugin developers to address the first vulnerability in plugin version 6.44. However, another similar vulnerability, CVE-2024-10781, was later discovered and promptly patched in plugin version 6.45.

The plugin Spam protection, Anti-Spam, FireWall by CleanTalk has over 200,000 active installations, indicating a large number of websites that could be at risk. Therefore, all WordPress administrators using this plugin are strongly advised to update their websites to the latest plugin release (currently version 6.45.2) to ensure they receive all necessary bug fixes.

We welcome your thoughts and feedback in the comments section.
