November 26, 2024 at 05:37AM
Two severe vulnerabilities in CleanTalk’s WordPress anti-spam plugin could allow unauthenticated attackers to install and activate arbitrary plugins, and through that achieve remote code execution, on more than 200,000 installations. Patches for both flaws have been released, but as of late November many sites had not updated and remain exposed. Users are urged to upgrade to version 6.45 immediately.
**Meeting Takeaways:**
1. **Vulnerability Identification**: Two significant vulnerabilities in CleanTalk’s anti-spam plugin for WordPress have been identified, each allowing an unauthenticated attacker to bypass authorization and, through that, reach remote code execution (RCE). They are tracked as CVE-2024-10542 and CVE-2024-10781; both carry a Critical CVSS score of 9.8.
2. **Impact**: The vulnerabilities affect the ‘Spam protection, Anti-Spam, FireWall by CleanTalk’ plugin, which has over 200,000 active installations. Exploitation lets an attacker install and activate arbitrary plugins; installing a plugin that is itself vulnerable is the route to code execution on the site.
3. **Details of Vulnerabilities**:
– *CVE-2024-10542*: An authorization bypass affecting remote calls and plugin installation. The plugin authorized certain requests by checking the caller’s IP address and reverse-DNS hostname, both of which an attacker can spoof, so the check can be passed without any credential.
– *CVE-2024-10781*: A second way to bypass the token authorization, found in version 6.44. When no API key has been configured, the value the plugin compares the request’s hash against is empty, so a request carrying an empty hash value passes the check.
4. **Responsive Actions**:
– The first flaw, CVE-2024-10542, was patched in version 6.44, released on November 1, 2024.
– The second flaw, CVE-2024-10781, was patched in version 6.45, released on November 14, 2024.
5. **Current Status**: As of November 26, roughly 50% of the plugin’s active installations are still using unpatched versions, leaving them vulnerable.
6. **Recommendations**: Users are urged to update to version 6.45 immediately to mitigate potential exploitation risks. Because the impact of both flaws is unauthorized plugin installation, site owners who were running an affected version should also review the installed and active plugin list for anything they did not add themselves.
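The two authorization weaknesses summarized in item 3, shown side by side with hardened forms, as an added PHP example written for this summary. It is not CleanTalk’s code and does not reproduce the plugin’s actual functions; the function names, the trusted-suffix value, the sample IP addresses and the DNS answers are hypothetical, constructed inputs.

```php
<?php
declare(strict_types=1);

/*
 * Added example, not CleanTalk's code. Two weak authorization patterns of the
 * kind described above, each next to a hardened form. Function names, the
 * trusted suffix and all sample inputs are hypothetical. Requires PHP 8.
 */

// ---------- Pattern 1: authorizing a remote call by IP + reverse DNS ----------

// Weak: whoever controls the reverse zone for an IP controls its PTR record,
// so a hostname that ends in a trusted suffix proves nothing about the caller.
function authorize_by_reverse_dns_weak(string $ip, string $trusted_suffix, callable $ptr_lookup): bool
{
    $host = $ptr_lookup($ip);            // in production: gethostbyaddr($ip)
    return is_string($host) && str_ends_with($host, $trusted_suffix);
}

// Hardened: forward-confirmed reverse DNS. Resolve the PTR hostname forward
// again and require the original IP to be among its A records. Even then this
// is only a sanity check; it is not a substitute for a secret credential.
function authorize_by_reverse_dns_fcrdns(string $ip, string $trusted_suffix, callable $ptr_lookup, callable $a_lookup): bool
{
    $host = $ptr_lookup($ip);
    if (!is_string($host) || !str_ends_with($host, $trusted_suffix)) {
        return false;
    }
    $addresses = $a_lookup($host);       // in production: gethostbynamel($host) ?: []
    return in_array($ip, $addresses, true);
}

// ---------- Pattern 2: token check against a hash that may be empty ----------

// Weak: $stored_hash is whatever was saved for the configured API key. If no
// key was ever configured it is the empty string, and a request that sends an
// empty hash compares equal to it.
function verify_request_token_weak(string $request_hash, string $stored_hash): bool
{
    return $request_hash === $stored_hash;   // '' === '' passes
}

// Hardened: an unconfigured key is a deny, not a match; the request value must
// look like a real digest; the comparison is constant-time.
function verify_request_token_hardened(string $request_hash, string $stored_hash): bool
{
    if ($stored_hash === '' || $request_hash === '') {
        return false;
    }
    if (!preg_match('/^[0-9a-f]{64}$/', $request_hash)) {
        return false;                     // expecting a hex SHA-256 digest
    }
    return hash_equals($stored_hash, $request_hash);
}

// ---------- Demonstration with constructed inputs ----------

function expect(bool $cond, string $label): void
{
    if (!$cond) {
        throw new RuntimeException("unexpected result: $label");
    }
    echo "ok: $label\n";
}

// Constructed DNS answers standing in for real lookups. The attacker's IP has a
// PTR record that claims a trusted name, but that name does not resolve back.
$ptr = fn(string $ip): string|false => [
    '203.0.113.10' => 'api.trusted.example',   // attacker-controlled PTR
    '198.51.100.7' => 'api.trusted.example',   // genuine host
][$ip] ?? false;
$a = fn(string $host): array => [
    'api.trusted.example' => ['198.51.100.7'],
][$host] ?? [];

expect(authorize_by_reverse_dns_weak('203.0.113.10', '.trusted.example', $ptr) === true, 'weak check is spoofed by a forged PTR');
expect(authorize_by_reverse_dns_fcrdns('203.0.113.10', '.trusted.example', $ptr, $a) === false, 'FCrDNS rejects the forged PTR');
expect(authorize_by_reverse_dns_fcrdns('198.51.100.7', '.trusted.example', $ptr, $a) === true, 'FCrDNS accepts the genuine host');

// No API key configured: the stored hash is ''.
expect(verify_request_token_weak('', '') === true, 'weak token check passes an empty hash');
expect(verify_request_token_hardened('', '') === false, 'hardened token check rejects an empty hash');

// Key configured: only the matching digest passes.
$stored = hash('sha256', 'example-api-key');
expect(verify_request_token_hardened($stored, $stored) === true, 'hardened check accepts the right digest');
expect(verify_request_token_hardened(str_repeat('0', 64), $stored) === false, 'hardened check rejects a wrong digest');
```

Run it with `php example.php`; every line should print `ok:`. The point of the first pattern is that reverse DNS, even forward-confirmed, only says something about who controls a name and an address, so a hardened design keeps it as a supplementary check behind a secret-based one; the point of the second is that a missing secret must be an explicit deny rather than an empty value that happens to compare equal to an empty input.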