CVE-2024-10570

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 26, 2024
CWE ID 89

Summary

CVE-2024-10570 is a vulnerability affecting the Security & Malware scan feature of the CleanTalk plugin for WordPress. The issue stems from an authorization bypass in the checkWithoutToken function, which can be exploited through reverse DNS spoofing. Malicious actors can leverage this flaw to inject additional SQL queries into existing ones, potentially leading to the extraction of sensitive data from the WordPress database. The vulnerability exists in all versions up to and including 2.145, and is compounded by insufficient input sanitization and validation. Therefore, WordPress users running affected versions of the CleanTalk plugin are advised to upgrade as soon as a patch is available to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share