Recent security vulnerabilities have been discovered in the CleanTalk plugin for WordPress, "Spam protection, Anti-Spam, FireWall by CleanTalk". These flaws enable unauthenticated attackers to install and activate malicious plugins on vulnerable websites, raising the prospect of remote code execution. This poses a considerable risk, especially given that the plugin is actively used on over 200,000 WordPress sites.
Two specific vulnerabilities have been identified, tracked as CVE-2024-10542 and CVE-2024-10781. Each carries a CVSS (Common Vulnerability Scoring System) score of 9.8 out of 10, placing them in the Critical range. They were rectified in plugin updates released this month, specifically in versions 6.44 and 6.45.
CleanTalk’s plugins are marketed as universal anti-spam solutions that help block spam comments, registrations, and surveys. However, according to cybersecurity experts at Wordfence, both vulnerabilities relate to an authorization bypass flaw. Such a flaw can permit a malicious entity to install and activate arbitrary plugins, potentially compromising the site’s integrity if those plugins themselves have their own vulnerabilities.
Researcher István Márton highlighted that CVE-2024-10781 arises from the absence of an empty-value check on the ‘api_key’ parameter in all versions up to and including 6.44. Separately, CVE-2024-10542 is rooted in a similar authorization bypass issue tied to reverse DNS spoofing within the checkWithoutToken() function. Successful exploitation of either flaw could allow attackers not only to install and activate plugins but also to deactivate or uninstall them entirely.
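To make the two flaw classes named above concrete, here is an added illustration written for this article; it is not CleanTalk's or Wordfence's code and does not reproduce the plugin's logic. The function names, the stored-key lookup, and the DNS tables are constructed for the demonstration. The first pair shows why an API-key comparison without an empty-value check fails when no key has been configured, and the hardened form; the second pair shows why trusting a reverse DNS (PTR) hostname alone is spoofable, and the forward-confirmed check that closes the gap.

```python
"""Illustrative authorization checks (added example, not plugin code)."""
import hmac
import ipaddress
from typing import Callable, List, Optional

# ---- 1. API-key check: missing empty-value check vs hardened -------------

def weak_api_key_check(supplied: Optional[str], stored: Optional[str]) -> bool:
    """Pattern to avoid: plain equality with no empty-value check.

    If the site has never configured a key (stored is None or ""), a request
    carrying an empty 'api_key' parameter compares equal and passes.
    """
    return (supplied or "") == (stored or "")


def hardened_api_key_check(supplied: Optional[str], stored: Optional[str]) -> bool:
    """Reject unset or empty values on either side, then compare in constant time."""
    if not supplied or not stored:
        return False
    return hmac.compare_digest(supplied.encode(), stored.encode())


# ---- 2. Reverse DNS trust: PTR-only vs forward-confirmed -----------------

Resolver = Callable[[str], List[str]]   # hypothetical lookup interface


def _in_domain(host: str, domain: str) -> bool:
    """True for 'domain' itself or any host under it, never for look-alikes."""
    return host == domain or host.endswith("." + domain)


def weak_rdns_check(client_ip: str, trusted_domain: str, reverse: Resolver) -> bool:
    """Pattern to avoid: trust the PTR record alone.

    Whoever controls the reverse zone for an IP can publish any hostname in it,
    so a PTR of 'node.trusted.example' proves nothing about the sender.
    """
    return any(_in_domain(h, trusted_domain) for h in reverse(client_ip))


def hardened_rdns_check(client_ip: str, trusted_domain: str,
                        reverse: Resolver, forward: Resolver) -> bool:
    """Forward-confirmed reverse DNS: the PTR hostname must itself resolve
    back to the client IP. Passing this requires control of the trusted
    domain's forward zone, not merely of the attacker's own reverse zone."""
    ip = ipaddress.ip_address(client_ip)
    for host in reverse(client_ip):
        if not _in_domain(host, trusted_domain):
            continue
        if any(ipaddress.ip_address(a) == ip for a in forward(host)):
            return True
    return False


# Constructed DNS tables standing in for real lookups (documentation ranges).
PTR_RECORDS = {
    "203.0.113.10": ["node1.trusted.example"],  # legitimate vendor host
    "198.51.100.7": ["node1.trusted.example"],  # attacker-controlled reverse zone
}
A_RECORDS = {
    "node1.trusted.example": ["203.0.113.10"],
}


def reverse_lookup(ip: str) -> List[str]:
    return PTR_RECORDS.get(ip, [])


def forward_lookup(host: str) -> List[str]:
    return A_RECORDS.get(host, [])


if __name__ == "__main__":
    print("weak key check, no key configured:", weak_api_key_check("", ""))
    print("hardened key check, no key configured:", hardened_api_key_check("", ""))
    print("weak rDNS, spoofed PTR:", weak_rdns_check("198.51.100.7", "trusted.example", reverse_lookup))
    print("FCrDNS, spoofed PTR:", hardened_rdns_check("198.51.100.7", "trusted.example", reverse_lookup, forward_lookup))
```

The injected resolver callables keep the example offline; in a real deployment the forward confirmation would use the resolver library of the platform, and the comparison of the stored key should also refuse to run at all while no key is configured, rather than falling through to a permissive default.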
Business owners running sites with the affected CleanTalk plugin are urged to update immediately to the latest patched versions to mitigate potential risks. The urgency of this update is amplified by recent warnings from Sucuri regarding multiple ongoing campaigns that use compromised WordPress sites to execute malicious payloads. These threats include redirects to deceptive ads, skimming of login credentials, and the installation of malware that captures administrative passwords, which highlights the pressing need for vigilance in plugin management.
From a cybersecurity perspective, this situation can be contextualized within the MITRE ATT&CK framework. Potential adversary tactics could include Initial Access through exploitation of vulnerabilities, Authorization Bypass techniques that allow unauthorized access, and Persistence through the installation of malicious plugins. Given these findings, it is critical for business owners to prioritize the security of their websites by maintaining vigilant plugin oversight and implementing recommended security updates promptly.
In light of these developments, staying informed about vulnerabilities and their implications for website security is essential for business integrity in the digital landscape. The risks associated with such flaws necessitate a proactive approach to cybersecurity that encompasses immediate software updates and ongoing monitoring for potential threats.