CleanTalk CSRF Vulnerability Affects Spam Protection, Anti-Spam, and FireWall
CVE-2023-51696

8.8HIGH

Key Information:

Vendor: WordPress
Status: Spam Protection, Anti-spam, Firewall By Cleantalk
Vendor: CVE Published:; 29 February 2024

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the CleanTalk Spam Protection plugin, potentially allowing attackers to perform unauthorized actions on behalf of authenticated users. This issue affects versions up to 6.20, which could lead to serious security implications if exploited. It's crucial for users of this plugin to apply necessary patches or updates to mitigate these risks effectively.

Affected Version(s)

Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.20

References

https://patchstack.com/database/vulnerability/cleantalk-s...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
Dec 21, 2023

Credit

Elliot (Patchstack Alliance)