Cleantalk Spam Protection Antispam Firewall vulnerabilities

5 known vulnerabilities affecting cleantalk/spam_protection_antispam_firewall.

Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 2
Severity breakdown: HIGH 4, MEDIUM 1

Vulnerabilities

CVE-2021-24295 | P2 | HIGH | CVSS 7.5 | Exploited | PoC | fixed in 5.153.4 | 2021-05-17
CWE-89: It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via the User-Agent Header by manipulating the cookies set
Source: nvd

CVE-2024-10781 | P2 | HIGH | CVSS 7.5 | Exploited | fixed in 6.45 | 2024-11-26
CWE-703: The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to a missing empty value check on the 'api_key' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for unauthenticated attackers to install and activate arbitrary pl
Source: nvd

CVE-2023-51535 | P3 | HIGH | CVSS 8.8 | ≤ 6.20 | 2024-01-05
CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in CleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.
Source: nvd

CVE-2022-3302 | P3 | HIGH | CVSS 7.2 | fixed in 5.185.1 | 2022-10-25
CWE-89: The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin
Source: nvd

CVE-2019-17515 | P4 | MEDIUM | CVSS 6.1 | fixed in 5.127.4 | 2019-11-13
CWE-79: The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector is: When the Administrator is lo
Source: nvd