
6 vulnerabilities found for anti-spam by cleantalk

CVE-2024-10542 (GCVE-0-2024-10542)

Vulnerability from nvd – Published: 2024-11-26 05:33 – Updated: 2024-11-26 15:45
Title
Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation
Summary
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
CWE
Assigner
Impacted products
Credits
Michael Mazzolini

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cleantalk:antispam:*:*:*:*:*:wordpress:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "antispam",
            "vendor": "cleantalk",
            "versions": [
              {
                "lessThanOrEqual": "6.43.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10542",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T15:44:32.194618Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T15:45:22.565Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Spam protection, Anti-Spam, FireWall by CleanTalk",
          "vendor": "cleantalk",
          "versions": [
            {
              "lessThanOrEqual": "6.43.2",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Michael Mazzolini"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-26T05:33:01.407Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d7eb5fad-bb62-4f0b-ad52-b16c3e442b62?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/cleantalk-spam-protect/tags/6.43.2/lib/Cleantalk/ApbctWP/RemoteCalls.php#L41"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3179819/cleantalk-spam-protect#file631"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-30T00:00:00.000+00:00",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2024-11-25T17:06:04.000+00:00",
          "value": "Disclosed"
        }
      ],
      "title": "Spam protection, Anti-Spam, FireWall by CleanTalk \u003c= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-10542",
    "datePublished": "2024-11-26T05:33:01.407Z",
    "dateReserved": "2024-10-30T12:40:50.344Z",
    "dateUpdated": "2024-11-26T15:45:22.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-51696 (GCVE-0-2023-51696)

Vulnerability from nvd – Published: 2024-02-29 04:39 – Updated: 2025-04-22 15:53
Title
WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in CleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.
CWE
  • CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
Credits
Elliot (Patchstack Alliance)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-51696",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-05T18:00:02.991445Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T15:53:28.012Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:40:34.225Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/cleantalk-spam-protect/wordpress-spam-protection-antispam-firewall-by-cleantalk-anti-spam-plugin-6-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "cleantalk-spam-protect",
          "product": "Spam protection, Anti-Spam, FireWall by CleanTalk",
          "vendor": "\u0421leanTalk - Anti-Spam Protection",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.21",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.20",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Elliot (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in \u0421leanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.\u003cp\u003eThis issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.\u003c/p\u003e"
            }
          ],
          "value": "Cross-Site Request Forgery (CSRF) vulnerability in \u0421leanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-29T04:39:42.427Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/cleantalk-spam-protect/wordpress-spam-protection-antispam-firewall-by-cleantalk-anti-spam-plugin-6-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to\u0026nbsp;6.21 or a higher version."
            }
          ],
          "value": "Update to\u00a06.21 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin \u003c= 6.20 is vulnerable to Cross Site Request Forgery (CSRF)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-51696",
    "datePublished": "2024-02-29T04:39:42.427Z",
    "dateReserved": "2023-12-21T18:32:24.434Z",
    "dateUpdated": "2025-04-22T15:53:28.012Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24131 (GCVE-0-2021-24131)

Vulnerability from nvd – Published: 2021-03-18 14:57 – Updated: 2024-08-03 19:21
Title
Anti-Spam by CleanTalk < 5.149 - Multiple Authenticated SQL Injections
Summary
Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, leads to multiple authenticated SQL injection vulnerabilities; however, exploitation requires a high-privilege user (admin+).
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Unknown Anti-Spam by CleanTalk Affected: 5.149 , < 5.149 (custom)
Credits
Nguyen Anh Tien

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.274Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/1bc28021-28c0-43fa-b89e-6b93c345e5d8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Anti-Spam by CleanTalk",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.149",
              "status": "affected",
              "version": "5.149",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": " Nguyen Anh Tien"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple authenticated SQL injection vulnerabilities, however, it requires high privilege user (admin+)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-18T14:57:48",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/1bc28021-28c0-43fa-b89e-6b93c345e5d8"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Anti-Spam by CleanTalk \u003c 5.149 - Multiple Authenticated SQL Injections",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24131",
          "STATE": "PUBLIC",
          "TITLE": "Anti-Spam by CleanTalk \u003c 5.149 - Multiple Authenticated SQL Injections"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Anti-Spam by CleanTalk",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.149",
                            "version_value": "5.149"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": " Nguyen Anh Tien"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple authenticated SQL injection vulnerabilities, however, it requires high privilege user (admin+)."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/1bc28021-28c0-43fa-b89e-6b93c345e5d8",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/1bc28021-28c0-43fa-b89e-6b93c345e5d8"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24131",
    "datePublished": "2021-03-18T14:57:48",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:21:18.274Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10542 (GCVE-0-2024-10542)

Vulnerability from cvelistv5 – Published: 2024-11-26 05:33 – Updated: 2024-11-26 15:45
Title
Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation
Summary
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
CWE
Assigner
Impacted products
Credits
Michael Mazzolini

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cleantalk:antispam:*:*:*:*:*:wordpress:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "antispam",
            "vendor": "cleantalk",
            "versions": [
              {
                "lessThanOrEqual": "6.43.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10542",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T15:44:32.194618Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T15:45:22.565Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Spam protection, Anti-Spam, FireWall by CleanTalk",
          "vendor": "cleantalk",
          "versions": [
            {
              "lessThanOrEqual": "6.43.2",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Michael Mazzolini"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-26T05:33:01.407Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d7eb5fad-bb62-4f0b-ad52-b16c3e442b62?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/cleantalk-spam-protect/tags/6.43.2/lib/Cleantalk/ApbctWP/RemoteCalls.php#L41"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3179819/cleantalk-spam-protect#file631"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-30T00:00:00.000+00:00",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2024-11-25T17:06:04.000+00:00",
          "value": "Disclosed"
        }
      ],
      "title": "Spam protection, Anti-Spam, FireWall by CleanTalk \u003c= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-10542",
    "datePublished": "2024-11-26T05:33:01.407Z",
    "dateReserved": "2024-10-30T12:40:50.344Z",
    "dateUpdated": "2024-11-26T15:45:22.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-51696 (GCVE-0-2023-51696)

Vulnerability from cvelistv5 – Published: 2024-02-29 04:39 – Updated: 2025-04-22 15:53
Title
WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in CleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.
CWE
  • CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
Credits
Elliot (Patchstack Alliance)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-51696",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-05T18:00:02.991445Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T15:53:28.012Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:40:34.225Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/cleantalk-spam-protect/wordpress-spam-protection-antispam-firewall-by-cleantalk-anti-spam-plugin-6-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "cleantalk-spam-protect",
          "product": "Spam protection, Anti-Spam, FireWall by CleanTalk",
          "vendor": "\u0421leanTalk - Anti-Spam Protection",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.21",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.20",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Elliot (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in \u0421leanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.\u003cp\u003eThis issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.\u003c/p\u003e"
            }
          ],
          "value": "Cross-Site Request Forgery (CSRF) vulnerability in \u0421leanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-29T04:39:42.427Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/cleantalk-spam-protect/wordpress-spam-protection-antispam-firewall-by-cleantalk-anti-spam-plugin-6-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to\u0026nbsp;6.21 or a higher version."
            }
          ],
          "value": "Update to\u00a06.21 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin \u003c= 6.20 is vulnerable to Cross Site Request Forgery (CSRF)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-51696",
    "datePublished": "2024-02-29T04:39:42.427Z",
    "dateReserved": "2023-12-21T18:32:24.434Z",
    "dateUpdated": "2025-04-22T15:53:28.012Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24131 (GCVE-0-2021-24131)

Vulnerability from cvelistv5 – Published: 2021-03-18 14:57 – Updated: 2024-08-03 19:21
Title
Anti-Spam by CleanTalk < 5.149 - Multiple Authenticated SQL Injections
Summary
Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, leads to multiple authenticated SQL injection vulnerabilities; however, exploitation requires a high-privilege user (admin+).
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Unknown Anti-Spam by CleanTalk Affected: 5.149 , < 5.149 (custom)
Credits
Nguyen Anh Tien

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.274Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/1bc28021-28c0-43fa-b89e-6b93c345e5d8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Anti-Spam by CleanTalk",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.149",
              "status": "affected",
              "version": "5.149",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": " Nguyen Anh Tien"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple authenticated SQL injection vulnerabilities, however, it requires high privilege user (admin+)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-18T14:57:48",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/1bc28021-28c0-43fa-b89e-6b93c345e5d8"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Anti-Spam by CleanTalk \u003c 5.149 - Multiple Authenticated SQL Injections",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24131",
          "STATE": "PUBLIC",
          "TITLE": "Anti-Spam by CleanTalk \u003c 5.149 - Multiple Authenticated SQL Injections"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Anti-Spam by CleanTalk",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.149",
                            "version_value": "5.149"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": " Nguyen Anh Tien"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple authenticated SQL injection vulnerabilities, however, it requires high privilege user (admin+)."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/1bc28021-28c0-43fa-b89e-6b93c345e5d8",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/1bc28021-28c0-43fa-b89e-6b93c345e5d8"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24131",
    "datePublished": "2021-03-18T14:57:48",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:21:18.274Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}