WordPress Releases Fix for Critical Vulnerability Impacting Anti-Spam Plugin (CVE-2024-10542)

The Spam Protection, Anti-Spam, and FireWall by CleanTalk plugin for WordPress is vulnerable to two security vulnerabilities tracked as CVE-2024-10542 and CVE-2024-10781. Successful exploitation of the vulnerabilities may allow an unauthenticated attacker to install and enable malicious plugins on vulnerable sites, ultimately leading to remote code execution.

Spam Protection, Anti-Spam, and FireWall by CleanTalk is a universal anti-spam plugin that blocks spam comments, registrations, surveys, and more. The plugin has over 200,000 active installations.

CVE-2024-10542

The vulnerability has a critical severity rating with a CVSS score of 9.8. This unauthorized arbitrary plugin installation originates from an authorization bypass via reverse DNS spoofing on the checkWithoutToken function. The vulnerability may allow an unauthenticated attacker to install and activate arbitrary plugins, leading to remote code execution if another vulnerable plugin is installed and activated.

CVE-2024-10781

The vulnerability has a high severity rating with a CVSS score of 8.1. This unauthorized arbitrary plugin installation originates from a missing empty value check on the api_key value in the perform function. The vulnerability may allow an unauthenticated attacker to install and activate arbitrary plugins, leading to remote code execution if another vulnerable plugin is installed and activated.
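The two defect classes above (authorization decided by a reverse DNS lookup, and an API key comparison that never rejects an empty value) are illustrated below in an added Python example that is not CleanTalk's code; the host names, addresses and DNS records are constructed, and lookups are injected as functions so it runs offline.

```python
"""Added illustration of two authorization defects, each beside a hardened form.
DNS lookups are injected so the example runs offline; records are constructed."""
import hmac

# Constructed DNS data. 198.51.100.10 is the genuinely named host; 203.0.113.7 has a
# PTR record that merely claims the trusted name (whoever controls an address block
# controls its PTR records), and the forward lookup does not confirm the claim.
PTR = {"198.51.100.10": "api.antispam-vendor.test",
       "203.0.113.7": "api.antispam-vendor.test"}
A = {"api.antispam-vendor.test": ["198.51.100.10"]}


def caller_trusted_weak(ip, trusted_suffix, reverse=PTR.get):
    """Weak: any caller whose PTR record ends in the trusted suffix is authorized."""
    host = reverse(ip)
    return host is not None and host.endswith(trusted_suffix)


def caller_trusted_fcrdns(ip, trusted_suffix, reverse=PTR.get,
                          forward=lambda h: A.get(h, [])):
    """Hardened: forward-confirmed reverse DNS. The PTR name must resolve back to the
    same IP. Even then, treat it as a hint and still require a real credential."""
    host = reverse(ip)
    if host is None or not host.endswith(trusted_suffix):
        return False
    return ip in set(forward(host))


def api_key_ok_weak(supplied, stored):
    """Weak: no emptiness check. A site with no key configured (stored == '')
    accepts a request that also carries an empty key."""
    return supplied == stored


def api_key_ok_hardened(supplied, stored):
    """Hardened: an empty value on either side is a hard failure; then compare in
    constant time so the check does not leak key bytes via timing."""
    if not stored or not supplied:
        return False
    return hmac.compare_digest(stored.encode(), supplied.encode())
```

Run the weak and hardened pairs against the spoofed address and an empty key to see the difference in outcome.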

Affected versions

CVE-2024-10542

The vulnerability affects WordPress Spam Protection, Anti-Spam, and FireWall by CleanTalk versions up to and including 6.43.2.

CVE-2024-10781

The vulnerability affects WordPress Spam Protection, Anti-Spam, and FireWall by CleanTalk versions up to and including 6.44.

Mitigation

CVE-2024-10542

Customers must upgrade to WordPress Spam Protection, Anti-Spam, and FireWall by CleanTalk version 6.44.

For more information about the mitigation, please refer to WordPress Security Advisory.

CVE-2024-10781

Customers must upgrade to WordPress Spam Protection, Anti-Spam, and FireWall by CleanTalk version 6.45.

For more information about the mitigation, please refer to WordPress Security Advisory.

Note: Customers may upgrade to the plugin version 6.45 to patch both vulnerabilities.

Qualys Detection

Qualys customers can scan their devices with QIDs 731959 and 731960 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cleantalk-spam-protect/spam-protection-anti-spam-firewall-by-cleantalk-644-authorization-bypass-due-to-missing-empty-value-check-to-unauthenticated-arbitrary-plugin-installation
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cleantalk-spam-protect/spam-protection-anti-spam-firewall-by-cleantalk-6432-authorization-bypass-via-reverse-dns-spoofing-to-unauthenticated-arbitrary-plugin-installation
