WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 6.10 - Broken Access Control vulnerability
CVE-2023-33996

8.8HIGH

Key Information:

Vendor: WordPress
Status: Spam Protection, Antispam, Firewall By Cleantalk
Vendor: CVE Published:; 13 December 2024

Summary

A missing authorization vulnerability in the Anti-Spam Protection Spam protection, AntiSpam, FireWall by CleanTalk has been identified, which can lead to exploitation stemming from incorrectly configured access control security settings. This issue impacts versions up to and including 6.10, allowing potential attackers to exploit the system and bypass intended security restrictions. Proper measures should be taken to configure access controls accurately to mitigate this security risk and protect against unauthorized access.

Affected Version(s)

Spam protection, AntiSpam, FireWall by CleanTalk <= 6.10

References

https://patchstack.com/database/wordpress/plugin/cleantal...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
May 25, 2023

Credit

Rafshanzani Suhada (Patchstack Alliance)