Approved changes feed: RSS · Atom

cpe:2.3:a:cleantalk:spam_protection\,_antispam\,_firewall:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

VendorCleantalk (9b484bb7-b872-59c0-882a-24fda3c4ba24)
ProductSpam Protection, Antispam, Firewall (02d8a332-f864-5bb4-8df7-1b6fbf2f54be)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-10781 vulnerable 2026-06-08 06:23:47.532247 Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.44 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Arbitrary Plugin Installation
HIGH (8.1)
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'api_key' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
Published: 2024-11-26T05:33:00.910Z
Updated: 2026-04-08T17:02:11.871Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-51535 vulnerable 2026-06-08 06:17:53.442081 WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF)
MEDIUM (4.3)
Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.
Published: 2024-01-05T09:57:44.974Z
Updated: 2026-04-28T16:09:03.947Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-3302 vulnerable 2026-06-08 05:47:20.275454 Anti-Spam by CleanTalk < 5.185.1 - Admin+ SQLi
The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin
Published: 2022-10-25T00:00:00.000Z
Updated: 2025-05-09T19:02:36.088Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-24295 vulnerable 2026-06-08 05:30:04.136193 Time-based Blind SQL Injection in Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4
It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via the User-Agent Header by manipulating the cookies set by the Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.153.4, sending an initial request to obtain a ct_sfw_pass_key cookie and then manually setting a separate ct_sfw_passed cookie and disallowing it from being reset.
Published: 2021-05-17T16:48:53.000Z
Updated: 2024-08-03T19:28:23.468Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-17515 vulnerable 2026-06-08 05:13:10.588995 Details available
The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the from or till parameter. The component is: inc/cleantalk-users.php and inc/cleantalk-comments.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.
Published: 2019-11-13T20:08:30.000Z
Updated: 2024-08-05T01:40:15.834Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.