cpe:2.3:a:cleantalk:anti-spam:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor: Cleantalk (9b484bb7-b872-59c0-882a-24fda3c4ba24)
Product: Anti Spam (76c0fbc3-1066-53b1-b4c9-549ebfb51215)
Edition: *
Language: *
Software edition: *
Target software: wordpress
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL: pkg:github/wp-plugins/cleantalk-spam-protect
Source: purl2cpe
Last updated: 2026-06-01 10:12:52.443330

Vulnerability references

Identifier: CVE:CVE-2024-10542
cpeApplicability: vulnerable
Submitted: 2026-06-08 06:23:46.912243
db.gcve.eu details:
Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation
CRITICAL (9.8)
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
Published: 2024-11-26T05:33:01.407Z
Updated: 2026-04-08T17:26:40.448Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2023-51696
cpeApplicability: vulnerable
Submitted: 2026-06-08 06:17:53.767131
db.gcve.eu details:
WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF)
MEDIUM (4.3)
Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.
Published: 2024-02-29T04:39:42.427Z
Updated: 2026-04-28T16:09:04.938Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2021-24131
cpeApplicability: vulnerable
Submitted: 2026-06-08 05:30:03.831561
db.gcve.eu details:
Anti-Spam by CleanTalk < 5.149 - Multiple Authenticated SQL Injections
Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, leads to multiple authenticated SQL injection vulnerabilities; however, it requires a high-privilege user (admin+).
Published: 2021-03-18T14:57:48.000Z
Updated: 2024-08-03T19:21:18.274Z
Rationale: Imported from gcve-enriched-dumps CVE data