Anti-Spam by CleanTalk < 5.185.1 - Admin+ SQLi
CVE-2022-3302

7.2HIGH

Key Information:

Vendor: Wordpress
Status: Spam Protection, Antispam, Firewall By Cleantalk
Vendor: CVE Published:; 25 October 2022

Summary

The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin

Affected Version(s)

Spam protection, AntiSpam, FireWall by CleanTalk 5.185.1

References

https://wpscan.com/vulnerability/1b5a018d-f2d4-4373-be1e-...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 25, 2022
Vulnerability Reserved
Sep 26, 2022

Credit

Nguyen Duy Quoc Khanh