Unrated severityNVD Advisory· Published Nov 26, 2024· Updated Apr 8, 2026
Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.44 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Arbitrary Plugin Installation
CVE-2024-10781
Description
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'api_key' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<=6.44+ 1 more
- (no CPE)range: <=6.44
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
4- plugins.trac.wordpress.org/browser/cleantalk-spam-protect/tags/6.44/lib/Cleantalk/ApbctWP/RemoteCalls.phpmitre
- plugins.trac.wordpress.org/browser/cleantalk-spam-protect/tags/6.44/lib/Cleantalk/ApbctWP/RemoteCalls.phpmitre
- plugins.trac.wordpress.org/changeset/3188546/cleantalk-spam-protectmitre
- www.wordfence.com/threat-intel/vulnerabilities/id/79ae062c-b084-4045-9407-2d94919993afmitre
News mentions
0No linked articles in our index yet.