Cleantalk Anti-Spam vulnerabilities
4 known vulnerabilities affecting cleantalk/anti-spam.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-10542P2HIGHCVSS 7.5fixed in 6.442024-11-26
CVE-2024-10542 [HIGH] CWE-862 CVE-2024-10542: The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthor
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbit
nvd
CVE-2023-51696P3HIGHCVSS 8.8fixed in 6.212024-02-29
CVE-2023-51696 [HIGH] CWE-352 CVE-2023-51696: Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection,
Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.
nvd
CVE-2021-24131P3HIGHCVSS 7.2fixed in 5.1492021-03-18
CVE-2021-24131 [HIGH] CWE-89 CVE-2021-24131: Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to mul
Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple authenticated SQL injection vulnerabilities, however, it requires high privilege user (admin+).
nvd
CVE-2026-3213P4MEDIUMCVSS 4.7fixed in 9.7.02026-03-25
CVE-2026-3213 [MEDIUM] CWE-79 CVE-2026-3213: Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting (XSS).This issue affects Anti-Spam by CleanTalk: from 0.0.0 before 9.7.0.
nvd