Back
WordPress Anti-Spam by CleanTalk plugin <= 5.148 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities
- Product
- Spam protection, AntiSpam, FireWall by CleanTalk
- Description
- Multiple Authenticated SQL Injection (SQLi) vulnerabilities found by Nguyen Anh Tien in WordPress Anti-Spam by CleanTalk plugin (versions <= 5.148).
- Solution
- Update the WordPress Anti-Spam by CleanTalk plugin to the latest available version (at least 5.149).
- Classification
-
Type SQL Injection
OWASP Top 10 A1: Injection
- References
-
Plugin changelog
- CVE
- Name CVE-N/A
- Versions
-
Affected In
<= 5.148
Fixed In 5.149
- Disclosure date
- 2020-11-20
- Credits
- Nguyen Anh Tien (SunCSR)