High severity8.8NVD Advisory· Published Oct 20, 2023· Updated Apr 8, 2026

CVE-2020-36698

Description

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files.

Affected products

Cleantalk/Security \& Malware Scan
cpe:2.3:a:cleantalk:security_\&_malware_scan:*:*:*:*:*:wordpress:*:*
Range: <2.51

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.nintechnet.com/multiple-vulnerabilities-fixed-in-security-malware-scan-by-cleantalk-plugin/nvdExploitThird Party Advisory
wpscan.com/vulnerability/23960f42-dfc1-4951-9169-02d889283f01nvdThird Party Advisory
www.wordfence.com/threat-intel/vulnerabilities/id/0fb9b039-eb04-4c27-89eb-1932c9c31962nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000