Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution.
The vulnerabilities, tracked as CVE-2024–10542 and CVE-2024–10781, carry a CVSS score of 9.8 out of a maximum of 10.0. They were addressed in versions 6.44 and 6.45 released this month.
Installed on over 200,000 WordPress sites, CleanTalk’s Spam protection, Anti-Spam, FireWall plugin is advertised as a “universal anti-spam plugin” that blocks spam comments, registrations, surveys, and more.
Leave a reply