Unrated severityNVD Advisory· Published Feb 12, 2025· Updated Apr 8, 2026

Security & Malware scan by CleanTalk <= 2.149 - Unauthenticated Arbitrary File Upload

CVE-2024-13365

Description

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive() function in all versions up to, and including, 2.149. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affected products

Cleantalk/Security \& Malware Scanllm-fuzzy
Range: <=2.149
Cleantalk/Login Security, FireWall, Malware removal by CleanTalkcpe-rescue
Range: 0
WordPress/Security \& Malware Scanwp-canonicalize

Patches

Vulnerability mechanics

References

plugins.trac.wordpress.org/changeset/3229205/security-malware-firewallmitre
www.wordfence.com/threat-intel/vulnerabilities/id/9fa30fa2-6c42-4e5f-a0b5-8711ce5d8121mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000