CVE-2024-10542

Published Nov 26, 2024

Last updated 3 months ago

Overview

Description
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
Source: security@wordfence.com
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security@wordfence.com: CWE-862

Social media

Hype score: Not currently trending
  1. Alert: #WordPress RCE vulnerabilities in the #CleanTalk anti-spam plugin (CVE-2024-10542, CVE-2024-10781). More than 50% of sites worldwide are still exposed to RCE attacks because of outdated CleanTalk plugins. 🔎 Check whether your WordPress site is affected! https://t.co/HviG3SIaSL http

    @CriminalIP_AR

    13 Dec 2024

    33 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

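  2. Beware of the RCE vulnerabilities CVE-2024-10542 & CVE-2024-10781 in the anti-spam #WordPress plugin #CleanTalk! Even though vulnerability patches have been released, more than 50% worldwide are still using versions vulnerable to malicious plugin installation and remote code execution.… https://t.co/rKVBvwtjBX https://t.co/CELP4gEvAg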

    @CriminalIP_JP

    13 Dec 2024

    111 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

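  3. Beware of the RCE vulnerabilities CVE-2024-10542 & CVE-2024-10781 in the anti-spam #워드프레스 (WordPress) plugin #CleanTalk! Even though vulnerability patches have been released, more than 50% worldwide are still using versions vulnerable to malicious plugin installation and remote code execution. 🔎 A vulnerable CleanTalk plugin on my site… https://t.co/4eSL2xq6q4 https://t.co/BHkD6aSehp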

    @CriminalIP_KR

    13 Dec 2024

    77 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. A critical vulnerability has been discovered in the CleanTalk Anti-Spam WordPress plugin, affecting over 200,000 sites! With two severe vulnerabilities (CVE-2024-10542 & CVE-2024-10781), attackers can install malicious plugins without any authentication. Don't be the one left

    @mpgone_it

    3 Dec 2024

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 Security Alert: CVE-2024-10542 🔴 Severity: Critical 🔍 Affected Systems: WordPress plugin CleanTalk 💡 Risk: Remote code execution possible ⚠️ Action Required: Update plugin 💻 Read More: https://t.co/XLb0n9aZ0w #CyberSecurity #CVE #WordPress

    @HostStage

    3 Dec 2024

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. A hacking group named CleanTalk has identified vulnerabilities with the identifiers CVE-2024-10542 and CVE-2024-10781 in a Wordpress plugin named Anti-Spam. These two vulnerabilities make it possible to install and activate other plugins and to carry out RCE. https://t.co/Poz3aKY03t https://t.c

    @AmirHossein_sec

    2 Dec 2024

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2024-10542 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugi..https://t.co/PlgZY0yH53 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    1 Dec 2024

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 Heads up, WordPress users! A critical vulnerability affecting CleanTalk's popular anti-spam plugin has been uncovered. If your site is among the 200,000+ that use it, you need to act fast to avoid potential trouble. Two vulnerabilities (CVE-2024-10542 and CVE-2024-10781)… ht

    @mpgone_it

    29 Nov 2024

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Two critical #WordPress anti-spam plugin flaws (CVE-2024-10542 & CVE-2024-10781) can expose more than 200,000 sites to remote attacks. #Cybersecurity #infosec https://t.co/X0npklXPjC https://t.co/cos8cpXCzI

    @twelvesec

    28 Nov 2024

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 URGENT SECURITY ALERT 🚨 Critical vulnerabilities have been discovered in the CleanTalk Anti-Spam plugin, impacting over 200,000 WordPress sites! These flaws (CVE-2024-10542 & CVE-2024-10781) Read full news here https://t.co/aYkakdEPIk https://t.co/GeL8NRNa41

    @Hosainfosec

    28 Nov 2024

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. <Security News> Critical vulnerabilities in the WordPress plugin "Spam protection, Anti-Spam, FireWall by CleanTalk" *Versions 6.44 and earlier. Vulnerabilities: CVE-2024-10542, CVE-2024-10781. Mitigation: update to version "6.45" or later. Details… https://t.co/OetV7y850C

    @ColorfulBoxJp

    28 Nov 2024

    103 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CVE-2024-10781 Poc Of CVE-2024-10542 and CVE-2024-10781 Broken Authentication in Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.43.2 Disclaimer: The information provided in this document regarding fo... https://t.co/jnFWzH6pAZ

    @VulmonFeeds

    27 Nov 2024

    61 Impressions

    1 Retweet

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2024-10542 Poc Of CVE-2024-10542 and CVE-2024-10781 Broken Authentication in Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.43.2 Disclaimer: The information provided in this document regarding fo... https://t.co/ZprXsfu15A

    @VulmonFeeds

    27 Nov 2024

    48 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

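  14. 🌍 Cybercrime crackdown operation in Africa: 1,006 suspects arrested and detained 🚨 Critical flaws in WordPress anti-spam plugin put more than 200,000 sites at risk of remote attacks (CVE-2024-10542, CVE-2024-10781) ~Cyber Alert, November 27~ https://t.co/GYZiUaJxW1 #セキュリティ (security) #インテリジェンス (intelligence)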

    @MachinaRecord

    27 Nov 2024

    115 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, have a CVSS score of 9.8 out of a maximum of 10.0. They have been fixed in versions 6.44 and 6.45, released this month. Updating as soon as possible is recommended. https://t.co/9XiXWLF8Gn

    @tpx_Security

    26 Nov 2024

    17 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  16. More than 200 thousand WordPress sites are at risk! ⚠️ 📌 Two vulnerabilities with a severity score of 9.8/10 were discovered in the Spam Protection, Anti-Spam and FireWall plugins. 📌 The vulnerabilities, identified as CVE-2024-10542 and CVE-2024-10781, allow remote code execution. https://t.co/ut672PDeMp

    @shiftdeletenet

    26 Nov 2024

    3985 Impressions

    1 Retweet

    9 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 🚨🚨CVE-2024-10542 & CVE-2024-10781: Two Critical Vulnerabilities in the Anti-Spam by CleanTalk WordPress Plugin ⚠️These vulnerabilities could allow unauthenticated attackers to compromise websites by installing malicious plugins and executing arbitrary code. ZoomEye… https:

    @zoomeye_team

    26 Nov 2024

    370 Impressions

    0 Retweets

    1 Like

    3 Bookmarks

    0 Replies

    0 Quotes

  18. [CVE-2024-10542: CRITICAL] Vulnerability in CleanTalk plugin for WordPress allows unauthorized plugin installation & potential remote code execution. Update to version 6.43.3 to stay secure. #cybersecurity, #vulnerability https://t.co/cfbYTQ1XHU https://t.co/QQ1f0TyBPL

    @CveFindCom

    26 Nov 2024

    62 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2024-10542 & CVE-2024-10781: Critical WordPress Plugin Flaw Exposes 200,000 Sites https://t.co/gPu7GvPE93

    @Dinosn

    26 Nov 2024

    3112 Impressions

    16 Retweets

    53 Likes

    16 Bookmarks

    0 Replies

    0 Quotes

  20. 🗣 CVE-2024-10542 & CVE-2024-10781: Critical WordPress Plugin Flaw Exposes 200,000 Sites https://t.co/ejkZz9L1n5

    @fridaysecurity

    26 Nov 2024

    150 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes