The CleanTalk Spam Protection, Anti-Spam, and Firewall plugin for WordPress is installed on over 200,000 sites and serves as a “universal antispam plugin” designed to block spam comments, registrations, and other malicious activities. Two critical vulnerabilities in the plugin, CVE-2024-10542 and CVE-2024-10781, are currently trending. Both exploit authorization bypasses, potentially allowing unauthenticated attackers to install and activate arbitrary plugins, which could lead to remote code execution (RCE).
| Product | cleantalk-spam-protect |
| Date | 2024-11-29 10:09:13 |
| Information |
|
Technical Summary
CVE-2024-10781
This vulnerability stems from the lack of a check for an empty value for theapi_keyparameter in theperformfunction. Exploiting this flaw allows unauthenticated attackers to install and activate arbitrary plugins on affected sites. If one of the activated plugins contains its own vulnerabilities, attackers can escalate their actions to achieve remote code execution (RCE).CVE-2024-10542
This issue arises from an authorization bypass via reverse DNS spoofing within thecheckWithoutTokenfunction. Attackers can exploit this bypass to perform unauthorized operations, including the installation and activation of arbitrary plugins. The risk of exploitation is higher when malicious or vulnerable plugins are activated, which can lead to potential RCE.
Recommendations
- Immediate Action: Update the CleanTalk Spam Protection, Anti-Spam, and Firewall plugin to version 6.44 or 6.45 to resolve both vulnerabilities.
- Hardening: Regularly audit and monitor your WordPress installation to detect unauthorized changes, including unexpected plugins or configurations.
- Backup and Monitoring: Maintain regular backups of your website and monitor for unauthorized activity to allow for rapid restoration in the event of a compromise.
[Callforaction-THREAT-Footer]
