High severity7.5NVD Advisory· Published Nov 26, 2024· Updated Apr 15, 2026

CVE-2024-10570

Description

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as insufficient input sanitization and validation. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Affected products

WordPress/Security Malware Firewallinferred
Range: <=2.145
Package: https://wordpress.org/plugins/security-malware-firewall

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/browser/security-malware-firewall/tags/2.145/lib/CleantalkSP/Common/RemoteCalls.phpnvd
www.wordfence.com/threat-intel/vulnerabilities/id/2187311d-6651-4eca-806d-aa2ff9fae4e2nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000