CVE-2024-10570
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-10570 is a vulnerability affecting the Security & Malware scan feature of the CleanTalk plugin for WordPress. The issue stems from an authorization bypass in the checkWithoutToken function, which can be exploited through reverse DNS spoofing. Malicious actors can leverage this flaw to inject additional SQL queries into existing ones, potentially leading to the extraction of sensitive data from the WordPress database. The vulnerability exists in all versions up to and including 2.145, and is compounded by insufficient input sanitization and validation. Therefore, WordPress users running affected versions of the CleanTalk plugin are advised to upgrade as soon as a patch is available to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.