Critical WordPress Plugin Vulnerabilities Expose Over 200,000 Sites to Remote Attacks
WordPress websites relying on the CleanTalk Anti-Spam, FireWall, and Spam Protection plugin are at risk due to two severe vulnerabilities, identified as CVE-2024-10542 and CVE-2024-10781. Affecting over 200,000 websites, these flaws allow attackers to bypass authorization, enabling them to install or activate arbitrary plugins. If exploited, this could lead to remote code execution, giving malicious actors control over the website. The vulnerabilities were patched in versions 6.44 and 6.45, and users are urged to update to avoid exploitation.
Both vulnerabilities are authorization bypasses within the plugin. CVE-2024-10781 stems from a missing check on the 'api_key' value, which allows plugins to be installed without authorization. CVE-2024-10542 arises from reverse DNS spoofing in the checkWithoutToken() function, which likewise bypasses the plugin's authorization check. Either flaw gives attackers the ability to install, activate, deactivate, or uninstall plugins.
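As an added illustration (not CleanTalk's code and not a reproduction of the patched functions), the two flaw classes described above in a generic WordPress-style request check: trusting a hostname obtained by reverse DNS alone, and accepting an API key that was never set. The hardened versions forward-confirm the PTR result and refuse empty keys before a constant-time comparison. The `demo_*` function names, the `my_plugin_api_key` option and the trusted-suffix value are assumptions; `get_option()` and `hash_equals()` are the real WordPress and PHP functions.

```php
<?php
// Added illustration; names and the option key are hypothetical, not CleanTalk's code.

// Weak pattern: the PTR record for the client IP is controlled by whoever owns that
// IP's reverse zone, so a name obtained by reverse DNS alone proves nothing about origin.
function demo_weak_host_check(string $remote_ip, string $trusted_suffix): bool {
    $host = gethostbyaddr($remote_ip);            // returns the IP itself on failure
    return $host !== false && str_ends_with($host, $trusted_suffix);
}

// Weak pattern: if the stored key was never configured, it is an empty string, and an
// empty key in the request compares equal to it, so any caller passes the check.
function demo_weak_key_check(string $request_key): bool {
    $stored = (string) get_option('my_plugin_api_key', '');
    return $request_key === $stored;
}

// Hardened: forward-confirmed reverse DNS. Resolve the PTR name back to addresses and
// require the original client IP to be among them, so a forged PTR is rejected.
function demo_fcrdns_check(string $remote_ip, string $trusted_suffix): bool {
    $host = gethostbyaddr($remote_ip);
    if ($host === false || $host === $remote_ip || !str_ends_with($host, $trusted_suffix)) {
        return false;
    }
    $forward = gethostbynamel($host);             // array of IPv4 addresses, or false
    return $forward !== false && in_array($remote_ip, $forward, true);
}

// Hardened: an unset key must fail closed, and the comparison must not leak timing.
function demo_hardened_key_check(string $request_key): bool {
    $stored = (string) get_option('my_plugin_api_key', '');
    if ($stored === '' || $request_key === '') {
        return false;
    }
    return hash_equals($stored, $request_key);
}

// Authorization for a plugin-management action: the key is the credential; the origin
// check is defense in depth and is never sufficient on its own.
function demo_authorize_plugin_action(string $remote_ip, string $request_key): bool {
    $trusted_suffix = '.vendor.example';          // hypothetical placeholder
    return demo_hardened_key_check($request_key)
        && demo_fcrdns_check($remote_ip, $trusted_suffix);
}
```

`str_ends_with()` requires PHP 8.0 or newer (WordPress ships a polyfill for older versions).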
This comes at a time when other cybersecurity experts, such as Sucuri, have raised alarms about campaigns that exploit compromised WordPress sites to inject malicious code. These campaigns often redirect visitors to harmful websites, skim login credentials, inject malware, or execute arbitrary PHP code. The vulnerabilities identified in the CleanTalk plugin are a reminder of the ongoing risks posed by third-party plugins in the WordPress ecosystem.
Website owners using the CleanTalk plugin should immediately update to the latest patched versions to secure their sites against these critical threats. With the increasing number of cyberattacks targeting WordPress sites, staying up to date with security patches is essential to safeguarding websites from potential breaches.