Anti-Spam WordPress Plugin Vulnerabilities Risked 200K+ Sites

Hey there, WordPress users! Have you heard about the recent security vulnerabilities in the Spam protection, Anti-Spam, FireWall plugin? It turns out that multiple critical vulnerabilities were discovered, putting websites at risk of remote code execution.

Discovering Vulnerabilities in Anti-Spam Plugin

A recent post from Wordfence shed light on the critical vulnerabilities found in the Spam protection, Anti-Spam, FireWall by CleanTalk WordPress plugin. These vulnerabilities have been successfully patched by the developers.

Two main vulnerabilities were identified:

  • CVE-2024-10542 (CVSS 9.8): This vulnerability allowed unauthorized plugin installations, potentially leading to code execution by an attacker.
  • CVE-2024-10781 (CVSS 8.1): Another vulnerability that could enable remote code execution by an unauthenticated adversary.

Wordfence provided detailed insights into these vulnerabilities in their post.

The vulnerabilities were initially discovered by security researcher Michael Mazzolini, who reported one of the flaws through Wordfence’s bug bounty program and received a bounty for his efforts.

After collaboration with the plugin developers, both vulnerabilities were promptly patched, closing both flaws for WordPress sites that install the updated plugin.

With over 200,000 active installations, it’s crucial for WordPress admins to update the plugin to the latest release (version 6.45.2) to protect against these vulnerabilities.
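The practical step here is an inventory check: find every site where the plugin is still below the patched release. The script below is an added example, not code from this post, Wordfence or CleanTalk. It reads the JSON that `wp plugin list --format=json` produces (a constructed sample is embedded so it runs offline), falls back to reading the `Version:` header of the plugin's main PHP file for hosts without WP-CLI, and compares versions numerically so that a release like 6.45.10 is not mistaken for an old one. The plugin slug `cleantalk-spam-protect` is an assumption; confirm it against your own `wp plugin list` output. The fixed version 6.45.2 comes from the text above.

```python
import json
import re

# Patched release named in the advisory above.
FIXED_VERSION = "6.45.2"
# Assumed plugin directory slug; verify against your own WordPress install.
PLUGIN_SLUG = "cleantalk-spam-protect"

# Constructed sample of `wp plugin list --format=json` output (not real data).
SAMPLE_WP_CLI_JSON = json.dumps([
    {"name": "akismet", "status": "inactive", "update": "none", "version": "5.3"},
    {"name": "cleantalk-spam-protect", "status": "active", "update": "available", "version": "6.44"},
])

# Constructed sample of a WordPress plugin header block (not the real plugin file).
SAMPLE_PLUGIN_HEADER = """<?php
/*
Plugin Name: Spam protection, Anti-Spam, FireWall by CleanTalk
Version: 6.45.2
*/
"""


def parse_version(version):
    """Turn a dotted version into a tuple of ints so 6.45.10 sorts after 6.45.2.

    Plain string comparison gets this wrong ("6.45.10" < "6.45.2").
    Non-numeric suffixes such as "-beta" are dropped.
    """
    parts = []
    for piece in re.split(r"[.\-]", version.strip()):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when the installed version predates the patched release."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    # Pad shorter tuples with zeros so "6.44" compares as 6.44.0.
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def version_from_plugin_header(php_source):
    """Extract the Version: field from a plugin's main-file header comment.

    Useful on hosts where WP-CLI is unavailable and only the files are readable.
    """
    match = re.search(r"^\s*\*?\s*Version:\s*(\S+)", php_source,
                      re.MULTILINE | re.IGNORECASE)
    return match.group(1) if match else None


def audit_plugins(wp_cli_json, slug=PLUGIN_SLUG, fixed=FIXED_VERSION):
    """Return one finding per matching plugin entry in WP-CLI JSON output."""
    findings = []
    for entry in json.loads(wp_cli_json):
        if entry.get("name") != slug:
            continue
        installed = entry.get("version", "0")
        findings.append({
            "name": entry["name"],
            "installed": installed,
            "active": entry.get("status") == "active",
            "vulnerable": is_vulnerable(installed, fixed),
            "fixed_in": fixed,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_plugins(SAMPLE_WP_CLI_JSON):
        state = "VULNERABLE" if finding["vulnerable"] else "ok"
        print(f"{finding['name']} {finding['installed']} "
              f"(active={finding['active']}): {state}, fixed in {finding['fixed_in']}")
    print("header version:", version_from_plugin_header(SAMPLE_PLUGIN_HEADER))
```

Run it across a fleet by piping each site's `wp plugin list --format=json` output into `audit_plugins`; any finding with `vulnerable` set to true and `active` true is the site to update first, and an inactive but vulnerable copy still warrants removal or updating since the files remain on disk.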

We value your feedback, so feel free to share your thoughts in the comments below.
