Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Security & Malware scan by CleanTalk by Unknown

    CVE-2023-5239 (GCVE-0-2023-5239)

    Vulnerability from nvd – Published: 2023-11-27 16:22 – Updated: 2024-08-02 07:52
    VLAI
    Title
    Security & Malware scan by CleanTalk < 2.121 - IP Spoofing
    Summary
    The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection.
    Severity
    No CVSS data available.
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/1d748f91-773b-49… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Security & Malware scan by CleanTalk Affected: 0 , < 2.121 (semver)
    Create a notification for this product.
    Credits
    Bartlomiej Marek WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:52:08.529Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/1d748f91-773b-49d6-8f68-a27d397713c3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "product": "Security \u0026 Malware scan by CleanTalk",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.121",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Bartlomiej Marek"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Security \u0026 Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-27T16:22:00.577Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/1d748f91-773b-49d6-8f68-a27d397713c3"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Security \u0026 Malware scan by CleanTalk \u003c 2.121 - IP Spoofing",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-5239",
        "datePublished": "2023-11-27T16:22:00.577Z",
        "dateReserved": "2023-09-27T17:21:24.474Z",
        "dateUpdated": "2024-08-02T07:52:08.529Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5239 (GCVE-0-2023-5239)

    Vulnerability from cvelistv5 – Published: 2023-11-27 16:22 – Updated: 2024-08-02 07:52
    VLAI
    Title
    Security & Malware scan by CleanTalk < 2.121 - IP Spoofing
    Summary
    The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection.
    Severity
    No CVSS data available.
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/1d748f91-773b-49… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Security & Malware scan by CleanTalk Affected: 0 , < 2.121 (semver)
    Create a notification for this product.
    Credits
    Bartlomiej Marek WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:52:08.529Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/1d748f91-773b-49d6-8f68-a27d397713c3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "product": "Security \u0026 Malware scan by CleanTalk",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.121",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Bartlomiej Marek"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Security \u0026 Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-27T16:22:00.577Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/1d748f91-773b-49d6-8f68-a27d397713c3"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Security \u0026 Malware scan by CleanTalk \u003c 2.121 - IP Spoofing",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-5239",
        "datePublished": "2023-11-27T16:22:00.577Z",
        "dateReserved": "2023-09-27T17:21:24.474Z",
        "dateUpdated": "2024-08-02T07:52:08.529Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }