HIGH🇵🇱 Wersja polska

CVE-2023-5239

CVSS 7.5v3.1pub. 2023-11-27upd. 2024-11-21

The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Cleantalk Security \& Malware Scan

    APP
    Cleantalk
    ≤ 2.121
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-13365CRITICAL9.8PL ✓ten sam produkt

Nieuwierzytelniony upload plików w pluginie CleanTalk Security & Malware Scan dla WordPress

CVE-2020-36698HIGH8.8ten sam produkt

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction i...

CVE-2024-10542CRITICAL9.8PL ✓ten sam vendor

CleanTalk Anti-Spam: nieautoryzowana instalacja wtyczek przez bypass autoryzacji

CVE-2024-10781HIGH8.1ten sam vendor

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbit...

CVE-2022-3302HIGH7.2ten sam vendor

The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids bef...