Vulnerabilities > CVE-2020-36698 - Missing Authorization vulnerability in Cleantalk Security & Malware Scan

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
cleantalk
CWE-862

Summary

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files.

Vulnerable Configurations

Part Description Count
Application
Cleantalk
132

Common Weakness Enumeration (CWE)