Spam Protection, Honeypot, Anti Spam By Cleantalk
Approved changes feed: RSS · Atom
cpe:2.3:a:cleantalk:spam_protection,_honeypot,_anti-spam_by_cleantalk:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Cleantalk (9b484bb7-b872-59c0-882a-24fda3c4ba24) |
|---|---|
| Product | Spam Protection, Honeypot, Anti Spam By Cleantalk (4bf7c7e3-8fd3-513f-8e61-652659f5441d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-1490 |
vulnerable | 2026-06-08 07:49:08.717935 |
Spam protection, Honeypot, Anti-Spam by CleanTalk <= 6.71 - Authorization Bypass via Reverse DNS (PTR record) Spoofing to Unauthenticated Arbitrary Plugin Installation
CRITICAL (9.8)
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS (PTR record) spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. Note: This is only exploitable on sites with an invalid API key.
Published: 2026-02-15T02:22:56.673Z
Updated: 2026-04-08T17:23:28.127Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10781 |
vulnerable | 2026-06-08 06:23:47.530850 |
Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.44 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Arbitrary Plugin Installation
HIGH (8.1)
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'api_key' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
Published: 2024-11-26T05:33:00.910Z
Updated: 2026-04-08T17:02:11.871Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10542 |
vulnerable | 2026-06-08 06:23:46.911392 |
Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation
CRITICAL (9.8)
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
Published: 2024-11-26T05:33:01.407Z
Updated: 2026-04-08T17:26:40.448Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.