
cpe:2.3:a:cleantalk:antispam:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor: Cleantalk (9b484bb7-b872-59c0-882a-24fda3c4ba24)
Product: Antispam (e1ee5d22-c54d-58c9-be94-9424c48718a2)
Edition: *
Language: *
Software edition: *
Target software: wordpress
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-10781 vulnerable 2026-06-08 06:23:47.530801 Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.44 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Arbitrary Plugin Installation
HIGH (8.1)
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to a missing empty value check on the 'api_key' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
Published: 2024-11-26T05:33:00.910Z
Updated: 2026-04-08T17:02:11.871Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-10570 vulnerable 2026-06-08 06:23:46.974597 Security & Malware scan by CleanTalk <= 2.145 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated SQL Injection
HIGH (7.5)
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as insufficient input sanitization and validation. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Published: 2024-11-26T05:33:00.271Z
Updated: 2026-04-08T16:41:27.691Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-10542 vulnerable 2026-06-08 06:23:46.910274 Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation
CRITICAL (9.8)
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
Published: 2024-11-26T05:33:01.407Z
Updated: 2026-04-08T17:26:40.448Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28222 vulnerable 2026-06-08 05:42:44.255336 CleanTalk AntiSpam <= 5.173 Reflected XSS
MEDIUM (6.1)
The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in `/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php`.
Published: 2022-04-19T20:26:39.000Z
Updated: 2025-02-07T20:48:19.295Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28221 vulnerable 2026-06-08 05:42:44.254657 CleanTalk AntiSpam <= 5.173 Reflected XSS
MEDIUM (6.1)
The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter in `/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Comments.php`.
Published: 2022-04-19T20:26:34.000Z
Updated: 2025-02-07T20:48:52.797Z
Imported from gcve-enriched-dumps CVE data
