Vulnerabilities > Cleantalk

DATE CVE VULNERABILITY TITLE RISK
2024-01-05 CVE-2023-51535 Cross-Site Request Forgery (CSRF) vulnerability in Cleantalk Spam Protection, Antispam, Firewall
Cross-Site Request Forgery (CSRF) vulnerability in ?leanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.
network
low complexity
cleantalk CWE-352
8.8
2023-11-27 CVE-2023-5239 Unspecified vulnerability in Cleantalk Security & Malware Scan
The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value.
network
low complexity
cleantalk
7.5
2023-10-20 CVE-2020-36698 Missing Authorization vulnerability in Cleantalk Security & Malware Scan
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50.
network
low complexity
cleantalk CWE-862
8.8
2022-10-25 CVE-2022-3302 SQL Injection vulnerability in Cleantalk Spam Protection, Antispam, Firewall
The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin
network
low complexity
cleantalk CWE-89
7.2
2022-04-19 CVE-2022-28221 Cross-site Scripting vulnerability in Cleantalk Antispam
The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in`/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Comments.php`
network
cleantalk CWE-79
4.3
2022-04-19 CVE-2022-28222 Cross-site Scripting vulnerability in Cleantalk Antispam
The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in`/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php`
network
cleantalk CWE-79
4.3
2021-05-17 CVE-2021-24295 SQL Injection vulnerability in Cleantalk Spam Protection, Antispam, Firewall
It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4.
network
low complexity
cleantalk CWE-89
5.0
2021-03-18 CVE-2021-24131 SQL Injection vulnerability in Cleantalk Anti-Spam
Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple authenticated SQL injection vulnerabilities, however, it requires high privilege user (admin+).
network
low complexity
cleantalk CWE-89
6.5
2019-11-13 CVE-2019-17515 Cross-site Scripting vulnerability in Cleantalk Spam Protection, Antispam, Firewall
The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS).
network
cleantalk CWE-79
4.3