ThreatPress

WordPress Vulnerability Database

Back

WordPress Anti-Spam by CleanTalk plugin <= 5.148 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities

Product
Spam protection, AntiSpam, FireWall by CleanTalk
Description
Multiple Authenticated SQL Injection (SQLi) vulnerabilities found by Nguyen Anh Tien in WordPress Anti-Spam by CleanTalk plugin (versions <= 5.148).
Solution
Update the WordPress Anti-Spam by CleanTalk plugin to the latest available version (at least 5.149).
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 5.148
Fixed In 5.149
Disclosure date
2020-11-20
Credits
Nguyen Anh Tien (SunCSR)