Multiple Vulnerabilities in WordPress Plugin

Published on 27 Nov 2024

CleanTalk has released security updates to address multiple vulnerabilities (CVE-2024-10542 and CVE-2024-10781) in its WordPress Spam protection, Anti-Spam, FireWall plugin. The plugin is an anti-spam solution for the WordPress platform that blocks various types of spam, including comments, registrations, and surveys. CVE-2024-10542 has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.

Successful exploitation of the authentication bypass vulnerabilities could allow an unauthenticated attacker to install and execute arbitrary plugins, potentially leading to remote code execution.

The vulnerabilities affect the following product versions:
• CVE-2024-10542: WordPress Spam protection, Anti-Spam, FireWall Plugin versions 6.43.2 and earlier
• CVE-2024-10781: WordPress Spam protection, Anti-Spam, FireWall Plugin versions 6.44 and earlier

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here: