Critical WordPress Security Alert: Anti-Spam Plugin Vulnerabilities
Two severe security vulnerabilities have been discovered in the CleanTalk Spam Protection, Anti-Spam, and FireWall WordPress plugin, affecting over 200,000 websites. These flaws could enable unauthorized attackers to install malicious plugins and potentially execute remote code.
Key Points:
– Vulnerabilities: CVE-2024-10542 and CVE-2024-10781
– Severity: Critical (CVSS score 9.8/10)
– Fixed in: Versions 6.44 and 6.45
– Impact: Unauthorized plugin installation and potential remote code execution
Technical Details:
1. CVE-2024-10781: Authorization bypass due to missing validation of the ‘api_key’ value
2. CVE-2024-10542: Authorization bypass through reverse DNS spoofing
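The two authorization-bypass classes named above are easier to reason about with a concrete check in front of you. The following is an added illustrative example written for this page; it is not CleanTalk's code and does not reproduce the plugin's actual logic. The DNS tables (standing in for a live resolver), the IP addresses, the `vendor.example` domain and the key values are all constructed so the code runs offline. It places the weak form of each check beside a hardened form: a reverse-DNS trust test that is satisfied by the PTR name alone versus forward-confirmed reverse DNS (FCrDNS), and an API-key comparison with no presence test versus one that rejects an empty or unconfigured key and compares in constant time.

```python
import hmac

# --- Constructed DNS data standing in for a live resolver so this runs offline ---
# 203.0.113.10 is the genuine service address; 198.51.100.7 is an unrelated address
# whose owner has published a PTR record claiming the trusted name (both constructed).
PTR_RECORDS = {
    "203.0.113.10": "api.vendor.example",
    "198.51.100.7": "api.vendor.example",
}
A_RECORDS = {
    "api.vendor.example": {"203.0.113.10"},
}
TRUSTED_DOMAIN = "vendor.example"  # hypothetical trusted service domain


def reverse_lookup(ip):
    """PTR lookup against the constructed table (None when no record)."""
    return PTR_RECORDS.get(ip)


def forward_lookup(hostname):
    """A-record lookup against the constructed table (empty set when no record)."""
    return A_RECORDS.get(hostname, set())


def name_is_trusted(hostname):
    """True when the name is the trusted domain or a host inside it."""
    return hostname == TRUSTED_DOMAIN or hostname.endswith("." + TRUSTED_DOMAIN)


def is_trusted_ip_weak(ip):
    """Weak check: trusts the PTR name alone.

    Whoever controls the reverse zone for an IP range decides what its PTR
    records say, so a forged name is enough to pass this test."""
    name = reverse_lookup(ip)
    return name is not None and name_is_trusted(name)


def is_trusted_ip_fcrdns(ip):
    """Hardened check: forward-confirmed reverse DNS.

    The PTR name must be in the trusted domain AND resolve forward to the
    very IP that is claiming it. The forward zone belongs to the trusted
    party, so a forged PTR record alone no longer suffices."""
    name = reverse_lookup(ip)
    if name is None or not name_is_trusted(name):
        return False
    return ip in forward_lookup(name)


def key_valid_weak(stored_key, supplied_key):
    """Weak check: plain equality with no presence test.

    If the site never configured a key (stored_key is empty), an empty
    supplied key compares equal and the caller is accepted."""
    return stored_key == supplied_key


def key_valid(stored_key, supplied_key):
    """Hardened check: both values must be present, then compare in constant time."""
    if not stored_key or not supplied_key:
        return False
    return hmac.compare_digest(stored_key.encode(), supplied_key.encode())


def authorize_remote_call(ip, supplied_key, stored_key):
    """Accept a privileged remote call only when both independent checks pass."""
    return key_valid(stored_key, supplied_key) and is_trusted_ip_fcrdns(ip)


if __name__ == "__main__":
    # Constructed scenarios: a forged PTR passes the weak check but not FCrDNS;
    # an unconfigured (empty) key passes the weak key check but not the hardened one.
    print("weak rDNS, forged PTR  :", is_trusted_ip_weak("198.51.100.7"))    # True
    print("FCrDNS, forged PTR     :", is_trusted_ip_fcrdns("198.51.100.7"))  # False
    print("FCrDNS, genuine host   :", is_trusted_ip_fcrdns("203.0.113.10"))  # True
    print("weak key, unconfigured :", key_valid_weak("", ""))                 # True
    print("hardened key, unconfig.:", key_valid("", ""))                      # False
```

The design point is that each check must fail closed on its own: an absent or empty key is a rejection, not a match, and a reverse-DNS name is only evidence once the forward lookup confirms it, because the forward zone is the one the trusted party actually controls.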
Potential Threats:
– Installation of malicious plugins
– Activation/deactivation of plugins
– Plugin uninstallation
– Code execution on vulnerable systems
Additional Context:
Sucuri has reported multiple campaigns targeting WordPress sites, leading to:
– Malicious redirects
– Credential theft
– Admin password capture
– VexTrio Viper scam redirections
– Unauthorized PHP code execution
Recommendation:
Users should immediately update to the latest patched version of the plugin to protect their websites from these vulnerabilities.