CVE-2024-10542

Published Nov 26, 2024

Last updated a day ago

Overview

Description
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
Source: security@wordfence.com
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security@wordfence.com
CWE-862

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 3

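  1. 🌍 Cybercrime crackdown operation in Africa: 1,006 suspects arrested and detained 🚨 Critical flaw in WordPress anti-spam plugin, more than 200,000 sites at risk of remote attack (CVE-2024-10542, CVE-2024-10781) ~Cyber Alert, November 27~ https://t.co/GYZiUaJxW1 #Security #Intelligence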

    @MachinaRecord

    27 Nov 2024

    115 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, have a CVSS score of 9.8 out of a maximum of 10.0. They have been fixed in versions 6.44 and 6.45, released this month. Updating as soon as possible is recommended. https://t.co/9XiXWLF8Gn

    @tpx_Security

    26 Nov 2024

    17 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. More than 200 thousand WordPress sites are at risk! ⚠️ 📌 Two vulnerabilities with a danger score of 9.8/10 were discovered in the Spam Protection, Anti-Spam and FireWall plugins. 📌 The vulnerabilities, coded CVE-2024-10542 and CVE-2024-10781, allow remote code execution. https://t.co/ut672PDeMp

    @shiftdeletenet

    26 Nov 2024

    3951 Impressions

    1 Retweet

    9 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨🚨CVE-2024-10542 & CVE-2024-10781: Two Critical Vulnerabilities in the Anti-Spam by CleanTalk WordPress Plugin ⚠️These vulnerabilities could allow unauthenticated attackers to compromise websites by installing malicious plugins and executing arbitrary code. ZoomEye… https:

    @zoomeye_team

    26 Nov 2024

    370 Impressions

    0 Retweets

    1 Like

    3 Bookmarks

    0 Replies

    0 Quotes

  5. [CVE-2024-10542: CRITICAL] Vulnerability in CleanTalk plugin for WordPress allows unauthorized plugin installation & potential remote code execution. Update to version 6.43.3 to stay secure. #cybersecurity, #vulnerability https://t.co/cfbYTQ1XHU https://t.co/QQ1f0TyBPL

    @CveFindCom

    26 Nov 2024

    62 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2024-10542 & CVE-2024-10781: Critical WordPress Plugin Flaw Exposes 200,000 Sites https://t.co/gPu7GvPE93

    @Dinosn

    26 Nov 2024

    3112 Impressions

    16 Retweets

    53 Likes

    16 Bookmarks

    0 Replies

    0 Quotes

  7. 🗣 CVE-2024-10542 & CVE-2024-10781: Critical WordPress Plugin Flaw Exposes 200,000 Sites https://t.co/ejkZz9L1n5

    @fridaysecurity

    26 Nov 2024

    150 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes