CleanTalk Spam protection, Anti-Spam, FireWall by CleanTalk
cpe:2.3:a:cleantalk:spam_protection,_antispam,_firewall:*:*:*:*:wordpress:*:*
- <= 6.71
A vulnerability exists in the CleanTalk Spam Protection, Anti-Spam, FireWall WordPress plugin, in all versions through 6.71. The issue arises from an authorization bypass that allows unauthenticated users to install and activate arbitrary plugins. This vulnerability is made possible by spoofing reverse DNS (PTR records) in the 'checkWithoutToken' function. Notably, this exploit can lead to remote code execution if a vulnerable plugin is activated, and it is only applicable to sites using an invalid API key.
Exploitation of this vulnerability allows for unauthorized installation and activation of plugins, which could be used to execute remote code, especially if another vulnerable plugin is already active.
To reproduce this vulnerability, send a request to the WordPress site with a spoofed PTR record that tricks the server into thinking it is a CleanTalk remote call. This can be done by using a DNS service that allows PTR record manipulation. Ensure that the API key for the site is invalid, as this vulnerability only works under that condition.
Users are advised to update the CleanTalk WordPress plugin to version 6.72 or later.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.